LinuxSA Mailing list archives

  From: michael <michael@home.lyppard.com.au>
  To  : Alan Kennington <akenning@dog.topology.org>
  Date: Tue, 30 Jan 2001 19:34:59 +1030 (CST)

Re: apparent vulnerability of [Redhat] linux 6.2

Hi.

Alan, he is talking about one of HIS systems, that has been hacked,
probably by someone with physical access to the machine. That machine was
then used to attack your system.

All this means is that YOU should secure YOUR boxes, because this sort of
threat abounds on the net. RedHat *.2 distributions are arguably no worse
than any other distro, as long as you keep them up to date (or off the
net).

Certainly, RedHat 6.2 should be patched for security before it is put on
the net. It's been out for quite a while now, and many security flaws have
been uncovered and corrected both with RedHat 6.2 and linux in general.
Did you ever expect it to be any other way? Apart from MacOS and the C64,
just about everything else is in the same basket - there is a chaos of
people out there breaking into and preventing break-ins. It is not static,
and if you treat it as static you will be vulnerable.

You know how to do this; just update from the errata, and shut down any
non-essential services, configure IP-Chains, and watch the RedHat-Announce
list. This is a small price to pay for a fully functional server on the
internet. 

The option is to buy space with a provider and take your own network off
the net, reducing the chances by dropping the connect time to nearly
nothing. For that, you then pay someone else to maintain security for your
data...

Michael

On Tue, 30 Jan 2001, Alan Kennington wrote:

> As some of you may know, I report scan probes from time to time.
> Here's an interesting response from Rutgers.
> 
> I gather that they mean RedHat linux 6.2 when they say linux 6.2.
> 
> It seems to me that there have been a lot of reports of
> the vulnerability of Redhat 6.2 in the last few months.
> Is that so? Is it particularly weak?
> 
> I know that my own old 5.2 machines were particularly weak on
> security. I wonder if the *.2 versions are just somehow
> inherently weak. Maybe not....
> 
> Since I haven't had permission to publish the quoted e-mail,
> I'll anonymise it a little.
> 
> I think this experience just reinforces that RedHat (and probably other
> distributions too) should never be put on the net without
> a lot of serious configuration and patching.
> Yes I know that this is obvious to very many people.
> But not everyone was born with a keyboard in their hand.
> Some people still think that you can just install linux and
> start work without a good computer security grounding!
> 
> Cheers,
> Alan Kennington.
> 
> ----- Forwarded message from "xxxx" <xxxx@scils.rutgers.edu> -----
> 
> Date: Mon, 29 Jan 2001 18:49:22 -0500 (EST)
> From: "xxxx" <xxxx@scils.rutgers.edu>
> To: akenning@dog.topology.org
> Subject: Re: probe by  165.230.162.206 (datafusion.rutgers.edu) (fwd)
> 
> To Whom it may concern:
> 
> I am the Assistant Dean for Network & Information Technology at the
> School of Communication, Information and Library Studies at Rutgers
> University.  I wanted to write to you to apologize for the recent
> intrusion of your system by one of our faculty systems.  The system in
> question was a PC running Linux 6.2.  Our internal investigation
> indicated that this system was not installed by a system admin. with
> security expertise.  It was installed for legitimate faculty research
> but the security policies were not adequately configured and patches
> not applied properly.
> 
> I have determined that the system was hacked and compromised.  This
> system has been disabled and will not be re-activated.  It will be
> wiped clean and re-installed by properly trained personnel and only
> then approved for re-introduction to the network.
> 
> I do apologize for any inconvenience or distress this system may
> have caused your organization.  I will work diligently to see to it
> that none of our systems are again responsible for any intrusion.
> 
> Thank you for your patience and understanding.
> 
> Respectfully,
> 
> xxxx
> 
> [....]
> 
> ----- End forwarded message -----
> 
> -- 
> LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
> To unsubscribe from the LinuxSA list:
>   mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
> 
