[juneau-lug] Re: Local Windows world still suffering:

  • From: "Stephen E. Bodnar" <sbodnar@xxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Thu, 04 Sep 2003 07:36:15 -0800

While still in Juneau, I was using an old Zyxel Prestige 300 router 
as my primary firewall. It seemed to do the job at first, but I had a 
few suspicious events on my network that showed somebody getting 
through - my local DNS would crash once in a while, it looked more 
like a poisoned cache than anything. I was running BIND 8 on SuSE 7.2 
with all the updated patches. I also found a classic breach, a file 
in the root home directory (can't remember the name offhand) that's 
used to gain root access remotely - it's an old 1997 vintage hack 
(!!!). So be careful and mindful with a Linux box too. Unfortunately, 
I could never get the logging to work correctly from the Zyxel box. 
It was supposed to forward a continuous text file to the Linux box, 
but one of the effects of the DNS crash would be that the DNS server 
could no longer connect to the Gateway router, which happened to be 
the Zyxel box! The Zyxel will be retired when I get my new network up 
and running here in Kodiak.

I also had a Red Hat 6.3 box (kernel 2.2.19) out in the DMZ exposed 
directly to the net. It was running custom software for the ham radio 
Internet Radio Linking Project (www.irlp.net). Since the software was 
custom, I didn't have much control, but all TCP/IP and UUCP ports 
other than SSH and the few high numbered ones for the IRLP services 
were disabled. The thing ran flawlessly - it would only go down 
during a power outage or hardware failure. I never saw any evidence 
of compromise even though the IRLP system uses NISplus, which scares 
me to death running anywhere on the net, especially outside a 
firewall. The box was a Compaq Deskpro 486 - so there still is plenty 
of life left for antique hardware if one has the patience to get it 
running (many communication satellites are still at the 486 level - I 
haven't heard of a radiation hardened Pentium yet).

I also had suspicious activity on a Mac - the PowerComputing box 
running MacOS 8.1. The network stack kept getting corrupted, and it 
couldn't connect to the Netatalk server or sometimes the printer. 
This was odd because from what I could gather, the only real security 
hole in MacOS 8.1 was if you had the Personal Web Server running - I 
had uninstalled it and had tested it from the network side with the 
Linux box and couldn't find any open ports. If anyone has any ideas 
on this one, I'd be glad to hear about it though a Linux mailing list 
may not be the correct forum...

I dumped all my Windoze boxes after getting tired of Micro$oft pawing 
through everything on my hard drive every time I'd run an update - it 
was really interesting to watch the network traffic at packet level 
while the upgrade was under way.

Later,
  Stephen

>This firewall is Linux/iptables, which is probably pretty common in 
>this group.  What are the other solutions on the list?  Anyone with 
>OpenBSD/pf?
>
>Cheers,
>
>James


------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.