Re: Hardening a Solaris system.
From: Michael Laajanen (michael.laajanen.no-spam._at_telia.com)
Date: 11/16/03
- Previous message: Brendan Gregg: "Chaosreader - process snoop/tcpdump logs"
- In reply to: Dr. David Kirkby: "Re: Hardening a Solaris system."
- Next in thread: Casper H.S. ***: "Re: Hardening a Solaris system."
Date: Sun, 16 Nov 2003 12:57:10 GMT
Hi,
Dr. David Kirkby wrote:
> nmm1@cus.cam.ac.uk (Nick Maclaren) wrote in message news:<bp2v3g$d1h$1@pegasus.csx.cam.ac.uk>...
>
>>Oh, I forgot. START by running JASS and probably shutting down
>>all external connectivity to SSH.
>>
>>
>>Regards,
>>Nick Maclaren.
>
>
> I'll look at JASS - I was not aware of that. There's an ADSL modem
> with router and firewall, which has a 'demilitarised zone', such that
> you can isolate things like a webserver/ftpserver on one port and have
> your LAN on the other.
So you have a SS20 with 3 networks, right?
Then for best protection you should get a third SUN :) and
put your webserver there, then you make ipfilter change the
requested port 80 (http default) to something else, 2000 maybe, and then
forward the request to the third SUN webserver.
By doing this, bad guys have a harder time accessing your webserver because
they have 65535 ports to hack instead of only one (80).
Then you use SSH to admin the machine from the INSIDE; all accesses from
the outside should go to the webserver (port 80) and a local SUN machine (if
needed) on the SSH port.
>
> I don't know if it would be possible to build a 32-bit version of
> ipfilter on a 64 bit Sun, then move it to the SPARC 20. Probably less
> hassle to get a download from sunfreeware.
Last time I checked (some time ago) sunfreeware there was no ipfilter; I
have mailed Steve about ipfilter but no reply.
Get a binary version below instead!
http://www1.maraudingpirates.org:8080/ipfilter/
OBSERVE the problem with the latest release (also mentioned here on
Usenet) lately. FWIW, I am running 3.30 on Solaris 8 rock solid for my
usage, 2x60 MHz Supersparc and 64MB RAM.
Lucky to be on Sparc, see the access log from my webserver :))
*****
217.173.227.25 - - [15/Nov/2003:13:20:34 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285
217.173.227.25 - - [15/Nov/2003:13:20:38 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283
217.173.227.25 - - [15/Nov/2003:13:20:39 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
217.173.227.25 - - [15/Nov/2003:13:20:40 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
217.173.227.25 - - [15/Nov/2003:13:20:40 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 30
*****
/michael
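
Added example (not part of the original post): a small Python triage script that tags requests like the ones in the access log above, decoding the path repeatedly so the double-encoded `..%255c..` form is recognised. The signature names, function names and the last sample line (a benign request from 192.0.2.10) are constructed for illustration; the first five sample lines are the ones quoted in the message.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+$')

# Windows/IIS-only artifacts requested in the log above (names are illustrative).
SIGNATURES = {
    "root.exe": re.compile(r'/root\.exe', re.I),
    "cmd.exe": re.compile(r'/cmd\.exe', re.I),
    "traversal": re.compile(r'\.\.[\\/]'),
}

SAMPLE = [
    '217.173.227.25 - - [15/Nov/2003:13:20:34 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 285',
    '217.173.227.25 - - [15/Nov/2003:13:20:38 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 283',
    '217.173.227.25 - - [15/Nov/2003:13:20:39 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293',
    '217.173.227.25 - - [15/Nov/2003:13:20:40 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293',
    '217.173.227.25 - - [15/Nov/2003:13:20:40 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 30',
    '192.0.2.10 - - [15/Nov/2003:13:21:02 +0100] "GET /index.html HTTP/1.0" 200 1043',  # constructed
]

def fully_decode(path, max_rounds=5):
    """Percent-decode until stable; returns (decoded_path, rounds_needed)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Parse one log line; return None if it is not Common Log Format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    decoded, rounds = fully_decode(m["path"])
    tags = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    if rounds > 1:  # more than one decoding pass means nested encoding
        tags.append("double-encoded")
    status = int(m["status"])
    return {"host": m["host"], "path": decoded, "tags": tags, "served": status < 400}

def probes_by_host(lines):
    """Count tagged requests per source host."""
    hits = Counter(r["host"] for r in map(classify, lines) if r and r["tags"])
    return dict(hits)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(probes_by_host(SAMPLE))
```

All five probes show `served: False` because the server answered 404; a tagged request with a 2xx status is the case worth alerting on.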