[NTLUG:Discuss] crackers

Kendall Clark kclark at ntlug.org
Tue Aug 31 23:21:50 CDT 1999


>>>>> "Chris" == Chris Cox <cjcox at acm.org> writes:

    Chris> Just for grins, I ran Saint (formerly Satan) on my desktop
    Chris> (SuSE 6.1) with my laptop connected (also SuSE 6.1).  My
    Chris> first experience with the Satan program was that it
    Chris> checked for the obvious....Saint has lived up to my
    Chris> expectations by only finding items which I probably would
    Chris> have guessed myself: finger daemon, NFS.  Lots of
    Chris> warnings....not any critical issues.  I haven't done
    Chris> anything real special with regards to tuning the security
    Chris> on my platforms (don't spread that around).

Along these lines...

My favorite technique is simply to go to the script-kiddie sites, like
rootshell.com, grab 3 or 4 of the 'latest greatest' root kits, port
scanners, pre-bundled globs of mayhem, etc. and then run them against
my boxes.

My guess is that 9,999 of 10,000 attacks these days are run by people
who don't really understand what they are doing. They certainly know
very little about tcp/ip, C, Unix, etc.

What they have is a Linux box and a foolish disregard for other
people's property. So they grab these root kits and port scanners and
simply run them against hosts until they get lucky.

These tools really do come fairly nicely packaged, and tend to give
good detail. So after running it against your boxes, fix the problems
that they reveal: clean up unnecessary NFS mounts, update old versions
of bind, consider turning off pop3d/imapd if you're not using them,
kill finger, switch from telnet to ssh, etc.

If your box isn't vulnerable to this kind of 'off-the-shelf' attack,
then it's probably going to be secure enough to withstand nearly all
actual attacks. A real cracker -- i.e., the few people who develop
exploits on their own -- won't be stopped by doing this, but there
just aren't that many of them around. And it's not very likely that
they want to break into *your* box hanging off your cable modem.

This is, admittedly, the 'worse is better' approach to security, and
it probably isn't good enough for corporate security, but it seems to
be a good mixture of paranoia v. reasonableness for most of us.

Best,
Kendall
--
Corporations are not persons 
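
The cleanup list in the post (NFS exports, finger, telnet, pop3/imapd) can be
checked from the box itself before or after running a scanner against it.
The script below is an added example, not code from Kendall's post or from
Saint/SATAN. It assumes the classic inetd.conf layout (service name in the
first field, `#` for disabled lines) and the /etc/exports layout (path,
then host(options) entries, a bare `*` or a missing host meaning everyone).
The function names, the RISKY_SERVICES list and both sample files are
constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: a self-audit of the
# inetd-era services and NFS exports the post says to clean up.  Both checks
# take a file path, so they run against the constructed samples below or, on
# a live box, against /etc/inetd.conf and /etc/exports.

# Service names (first field of inetd.conf) the post names as candidates for
# removal: finger, telnet (replace with ssh), pop3/imap if unused.
RISKY_SERVICES="finger telnet pop3 pop-3 pop3s imap imap2 imaps"

# Print, one per line, the risky services that are enabled (not commented out).
risky_inetd_services() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        ($1 in want) { print $1 }
    ' "$1" | sort -u
}

# Print NFS exports that any host can mount: a path with no host list, or a
# host entry that is a bare "*" or empty (just "(options)"), which exportfs
# treats as "everyone".  Domain wildcards like *.lan.example are not flagged.
open_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF == 1 { print $1 " (no host restriction)"; next }
        {
            for (i = 2; i <= NF; i++) {
                host = $i
                sub(/\(.*\)$/, "", host)        # strip "(rw,no_root_squash)"
                if (host == "*" || host == "") {
                    print $1 " (exported to " $i ")"
                    break
                }
            }
        }
    ' "$1"
}

# Constructed sample files (not captured from a real system) so the audit
# can be run offline.  Prints the directory they were written to.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/inetd.conf" <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop3    stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d
#imap   stream  tcp  nowait  root    /usr/sbin/tcpd  imapd
EOF
    cat > "$dir/exports" <<'EOF'
# /etc/exports (constructed sample)
/home      laptop(rw)
/pub       *(ro)
/scratch
/cdrom     *.lan.example(ro)
EOF
    echo "$dir"
}

audit() {
    echo "== enabled inetd services to consider turning off ($1):"
    risky_inetd_services "$1"
    echo "== NFS exports mountable by anyone ($2):"
    open_exports "$2"
}

# Usage: sh selfaudit.sh /etc/inetd.conf /etc/exports
# With no arguments, audit the constructed samples instead.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
else
    sample_dir=$(make_samples)
    audit "$sample_dir/inetd.conf" "$sample_dir/exports"
    rm -rf "$sample_dir"
fi
```

On the constructed samples this reports telnet, finger and pop3 as enabled
(the commented-out imap and rsh lines are ignored) and flags /pub and
/scratch as world-mountable while leaving /home and the domain-restricted
/cdrom alone. It only reads the configuration files; whether a service is
actually reachable from outside is what the scanner run described above is
for.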