Re: /lib/security/.config

From: Peter Eddy (petere@atg.com)
Date: 03/13/02


From: Peter Eddy <petere@atg.com>
Date: Wed, 13 Mar 2002 11:43:27 -0500

David Hart wrote:
>
> Peter Eddy <petere@atg.com> wrote:
>
> > Yes these points are correct, but in my many years of managing my
> > personal Linux firewall I've noticed that crackers have never bothered
> > to modify RPM. Additional files are often found by inspecting scripts
> > that RPM reports as modified; these scripts generally contained commands
> > to start the cracker's tools which are the additional files.
>
> So you're saying that with your 'personal' firewall you've been cracked
> often enough to gain an opinion on what crackers install? Kind of
> devalues the perceived value of your experience, doesn't it?
>

By personal I mean a firewall for my home network, one not used for a
business. I don't think that's an uncommon enough use of the term
"personal firewall" to warrant the apparently pejorative quotes in your
comment.

As far as my record, I've had the firewall in question for about six
years. Four cracks in six years isn't a bad record for a non-diligently
maintained home Linux-based firewall with a static IP address. The most
recent one was the SSH vulnerability and I was cracked just hours after
learning about it.

I will argue that by simply reformatting/reinstalling you've lost
valuable knowledge of what crackers and their tools do and therefore
make yourself more vulnerable to future attempts. I know this heterodoxy
causes tempers to flare among well-meaning, security-minded people, but
the recommendation to simply reformat and reinstall often simply results
in the machine returning to its original vulnerable state.
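
The triage described in the quoted paragraph above (take the files RPM reports as modified, then look inside the modified scripts for paths that no package owns), as an added example that is not part of the original post. The `rpm -Va` output, the script contents and the owned-path set are constructed, and the result is only as trustworthy as the rpm binary and database that produced the report.

```python
import re

# Constructed sample of `rpm -Va` output (not from the thread): verification
# flags, an optional file-type marker (c = config file), then the path.
SAMPLE_RPM_VA = """\
S.5....T.  c /etc/rc.d/rc.sysinit
.......T.  c /etc/inittab
S.5....T.    /bin/ps
missing      /usr/share/doc/example/README
.M.......    /var/log/example
"""

# Constructed contents of the startup script that RPM reported as modified.
SAMPLE_SCRIPT = """\
#!/bin/sh
/sbin/ifconfig lo up
/usr/lib/.hidden/tool -q   # constructed stand-in for an appended line
"""

# Assumption: paths some package owns, as gathered with `rpm -qf` per path.
PACKAGE_OWNED = {"/bin/sh", "/sbin/ifconfig", "/etc/rc.d/rc.sysinit"}

LINE_RE = re.compile(
    r"^(?P<flags>[A-Za-z0-9.?]{8,9}|missing)\s+(?:[a-z]\s+)?(?P<path>/.*)$")
PATH_RE = re.compile(r"(?<![\w.])/[\w./-]+")


def content_changed(rpm_va_output):
    """Paths whose digest flag ('5') is set, i.e. the file content differs."""
    changed = []
    for line in rpm_va_output.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("flags") != "missing" and "5" in m.group("flags"):
            changed.append(m.group("path"))
    return changed


def unowned_references(script_text, owned):
    """Absolute paths the script mentions that no package owns."""
    found = []
    for line in script_text.splitlines():
        code = line.split("#", 1)[0]  # drop comments and the shebang line
        for path in PATH_RE.findall(code):
            if path not in owned and path not in found:
                found.append(path)
    return found
```

Timestamp-only or mode-only differences are left out of `content_changed` on purpose, so the list stays limited to files whose bytes differ from what the package shipped.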


