LinuxQuestions.org
Old 02-27-2004, 05:41 AM   #16
complus
Member
 
Registered: Aug 2003
Distribution: Red Hat 9
Posts: 76

Original Poster
Rep: Reputation: 15

Thanks unSpawn. Seeing as I am a newbie I'd trust myself installing the newer version clean rather than upgrading over the existing one. I managed to get it off of Red Hat's site (after a few hours of the server being too busy).

In addition to posting in the security forum and reading the docs in your security post I've asked our network consultant to review our firewall policy and see what other measures can be taken to prevent this again.

Thanks again so much for your help.
 
Old 02-27-2004, 11:10 AM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,014
Blog Entries: 54

Rep: Reputation: 2764

Quote:
Seeing as I am a newbie I'd trust myself installing the newer version clean rather than upgrading over the existing one.

Well, you certainly misunderstood me, but in the end the effect is the same, luckily.
There are NO, repeat NO valid reasons to try and "restore" a (possibly) compromised box by upgrading over the existing framework. A (possibly) compromised box must ALWAYS be returned to a pristine state (wipe bootsector, repartition, reformat) before installing an OS from scratch. Even tho the chances are low you're up against a cracker with "good" skills and tools, the risk you take by upgrading can be easily avoided.

One other thing is that upgrades will leave certain things intact you NEED destroyed, like authentication. Whenever you encounter a rogue sniffer on a box, you can be sure passes will be collected by the cracker. This is one of the reasons Jludwig said you should investigate adjacent boxen/networks for tampering. Once through the perimeter firewall, a lot of networks leave a lot open, and most admins do not expect (perceived) users to be malicious (a clear misperception).


Quote:
In addition to posting in the security forum and reading the docs in your security post I've asked our network consultant to review our firewall policy and see what other measures can be taken to prevent this again.

Well, the firewall is NOT one of the major issues you should be concerned with. Your FIRST and primary concern is hardening the box: removing all software, daemons, accounts, tools and compilers unnecessary for the purpose of the box. Limiting/restricting user and system user access to resources. Etc, etc. Finally move the box to a DMZ. And the perimeter firewall cfg comes LAST...


Quote:
Thanks again so much for your help.

NP. That's why LQ is here. To help.
 
Old 02-27-2004, 12:05 PM   #18
jxi
Member
 
Registered: Feb 2003
Location: Richmond VA
Distribution: Slackware 11 -- CentOS 4.4
Posts: 115

Rep: Reputation: 15
Quote:
Promiscuous mode just means the card is listening to /receiving all packets that happen to be on the line at that moment (...) Not abnormal during bootup, AFAIK.

Only if you *know* you're running any form of sniffer (including benign ones like tcpdump, Snort, like that).
unSpawn, thanks for correcting me on that. Seriously, I used to see this regularly in a previous rhl install (during boot), and thought nothing of it. Live and Learn.
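
The check this thread turns on (is an interface promiscuous, and is a sniffer knowingly running there?), as an added example that is not part of any post above. It assumes the classic kernel message "device <if> entered/left promiscuous mode" and the sysfs flags file; the function names, the sample log and the choice of eth1 as a known IDS tap are hypothetical.

```shell
# Added example (not from the thread). Function names and sample data are hypothetical.
IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# Exit 0 if the flags word (hex, as printed by sysfs) has IFF_PROMISC set.
flag_is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# Print interfaces whose live flags have the bit set. DIR defaults to sysfs.
promisc_from_sysfs() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        if flag_is_promisc "$(cat "$f")"; then basename "$(dirname "$f")"; fi
    done
}

# Read kernel log lines on stdin; print interfaces whose LAST transition was
# "entered", i.e. still promiscuous at the end of the log.
promisc_from_log() {
    awk '{
        for (i = 3; i < NF; i++)
            if ($i == "promiscuous" && $(i+1) == "mode" &&
                ($(i-1) == "entered" || $(i-1) == "left")) {
                ifc = $(i-2); sub(/:$/, "", ifc); state[ifc] = $(i-1)
            }
    }
    END { for (ifc in state) if (state[ifc] == "entered") print ifc }' | sort
}

# Filter stdin, dropping interfaces (given as arguments) where a sniffer is knowingly run.
unexpected() {
    while read -r ifc; do
        known=no
        for a in "$@"; do if [ "$a" = "$ifc" ]; then known=yes; fi; done
        if [ "$known" = no ]; then echo "$ifc"; fi
    done
}

# Constructed sample log, not taken from the thread.
sample_log() {
    cat <<'EOF'
Feb 27 05:12:01 host kernel: device eth0 entered promiscuous mode
Feb 27 05:12:09 host kernel: device eth1 entered promiscuous mode
Feb 27 05:13:40 host kernel: device eth0 left promiscuous mode
Feb 27 06:02:17 host kernel: device eth0 entered promiscuous mode
EOF
}
echo "unexpected per log (eth1 assumed IDS tap): $(sample_log | promisc_from_log | unexpected eth1)"
echo "promiscuous per live flags: $(promisc_from_sysfs | tr '\n' ' ')"
```

On a box that may already be compromised, treat both sources as hints only: local logs and local tools can be tampered with, which is why the thread's advice is a clean rebuild.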
 
  


All times are GMT -5.