Re: Best Linux Firewall?
From: /dev/rob0 (rob0_at_gmx.co.uk)
Date: 12/29/03
- Next message: Mikko Koivunen: "Re: Hacked Red Hat Workstation"
- Previous message: Paul Osterhues: "Hacked Red Hat Workstation"
- In reply to: Paul Osterhues: "Best Linux Firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 28 Dec 2003 21:46:34 -0800
In article <vuv80l6nmfpr45@corp.supernews.com>, Paul Osterhues wrote:

> What is the best Linux firewall script\program, or secure distro? I have

Any distro can be secure, or not.

> been hacked twice, once with a three line masquerade script and another time

Twice? Wow. I've never had the displeasure. How did you know you were
cracked? (BTW that is the proper and preferred term.)

> unusable. I had an NFS share with Red Hat 6.2, and I think it was that. The

An unfirewalled NFS server on a distro that old might indeed be
vulnerable. The normal security strategy is to disable any inherently
vulnerable services such as NFS on your external interface, and then for
good measure throw on a firewall. There are many ready-made iptables
scripts available through freshmeat, which can help you immediately,
with very little learning up front.

You should only expose necessary services to the outside, and watch for
security upgrades of those. Some distros can do this automatically (but
I would not like that.)

> second time I was hacked, with Red Hat 9, the gateway was fine, but then my
> printer drivers were rendered inoperable, and when I checked the system logs
> (XP) he also got access to my registry (Needless to say, the remote registry
> service was turned on) to move some icons around and change display

What's the connection between XP logs and Red Hat 9? This does not make
sense. How could that have resulted from a compromise on Linux? What is
the evidence that the Linux box was cracked? Were you forwarding ports
to the XP one?

> settings. I think that the reason this happened was that the NetBIOS was
> turned on. Any ideas to combat this? I think that this guy will try again,

Do you have his IP address? Any reasonable suspicion who might be doing
this and why? If so it could be a matter for the ISP or law enforcement.

> and I need to be prepared for it. I don't know how to check if he has
> internal access still (I installed another rudimentary firewall). Any ideas?

OH sorry. I guess this guy logged in on your machine. Well you cannot
trust a cracked machine for ANY purpose, even with a shiny new iptables
script from freshmeat. The attacker could have replaced your iptables
binary!!

Pull the plug and do a thorough check. Check all your binaries against
known clean copies. Some folks regularly post a what-to-do-after-crack
post here. Google will list quite a few.

--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
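
The post's advice to check binaries against known clean copies, as an added example that is not part of the original message: it compares a suspect tree with a known-clean tree by SHA-256, symlink target and permission bits. It assumes the suspect disk is mounted read-only from a trusted rescue environment and that the clean tree comes from install media; the function names and the two-directory layout are assumptions of this example.

```python
import hashlib
import os
import stat
import sys

def fingerprint(path):
    """Return (kind, digest or link target, permission bits); never follows symlinks."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)          # includes setuid/setgid/sticky bits
    if stat.S_ISLNK(st.st_mode):
        return ("symlink", os.readlink(path), mode)
    if not stat.S_ISREG(st.st_mode):
        return ("special", "", mode)         # device nodes, FIFOs, sockets
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return ("file", digest.hexdigest(), mode)

def snapshot(root):
    """Map every non-directory entry under root (path relative to root) to its fingerprint."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):   # does not descend into symlinks
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            entries[os.path.relpath(full, root)] = fingerprint(full)
    return entries

def compare(clean_root, suspect_root):
    """Return sorted (finding, relative_path) pairs; an empty list means the trees match."""
    clean, suspect = snapshot(clean_root), snapshot(suspect_root)
    findings = []
    for rel in sorted(clean.keys() | suspect.keys()):
        if rel not in suspect:
            findings.append(("MISSING", rel))   # present on clean media, gone on the suspect disk
        elif rel not in clean:
            findings.append(("EXTRA", rel))     # not shipped by the clean copy
        else:
            if clean[rel][:2] != suspect[rel][:2]:
                findings.append(("CONTENT", rel))   # e.g. a replaced iptables binary
            if clean[rel][2] != suspect[rel][2]:
                findings.append(("MODE", rel))      # e.g. a setuid bit that was added
    return findings

if __name__ == "__main__":
    # Usage: python3 compare_trees.py /mnt/clean/sbin /mnt/suspect/sbin  (paths are examples)
    for finding, rel in compare(sys.argv[1], sys.argv[2]):
        print(finding, rel)
```

Files that legitimately differ after package updates will show up as CONTENT findings, so the clean tree should be the same package versions the host was running.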