[NTLUG:Discuss] crackers

[cbbrowne@godel.brownes.org]

On Fri, 27 Aug 1999 10:08:17 CDT, the world broke into rejoicing as
MadHat <madhat at unspecific.com>  said:
> Daniel Shipman wrote:
> > 
> > Greg E wrote:
> > >
> > > Given this discussion I have an idea (ouch that hurt) for NTLUG.  Given t
he
> > > level of security knowledge here (not mine) could NTLUG establish a servi
ce
> > > where they could test the security of a system for a reasonable fee.
> > 
> > I'd pay!!!
> > 
> > What a wonderful idea - Greg I think we should all put you incharge of
> > that one - not really - it's just that it seems everytime I have a good
> > idea for something at church they all look at me and say - Daniel -,
> > that's a good idea! You should head up that committee.
> > 
> > But I am interested in the service
> 
> You shouldn't have to pay.
> 
> I would be willing to check machines for holes.  I mean the main part is
> going to be port scanning and checking versions (all can be done
> remotely, without direct access to your box).  Just remember that the
> same people you ask for help _can_ be the same people you want to keep
> out.  Not that anyone on this list would hack into your box, but all you
> really know is an email address in most cases, so be careful.  Paranoia
> is not always a bad thing.

An interesting idea for a meeting topic might be to build a little LAN
with two or three boxes running fairly standard Linux installs, say
with Red Hat, SuSE, and Debian, run ANGEL/SAINT (or whatever they call
"SATAN" these days), and go through the results, showing how to close
off the holes that it shows off.

Probably it would be necessary only to fix one of them; it would be
interesting to see the differences in "holes" between different
distributions...
--
"Just because the code is intended to cause flaming death is no reason
to get sloppy and leave off the casts." - Tim Smith, regarding sample
(F0 0F C7 C8) Pentium Death code on comp.os.linux.advocacy
cbbrowne at hex.net- <http://www.ntlug.org/~cbbrowne/lsf.html>