LinuxQuestions.org


Ander 04-11-2003 06:30 AM

Is Knoppix dangerous?
 
Hi,

I've been running Knoppix (www.knoppix.org) to learn about Linux before I do an actual install.

In case anyone isn't familiar with Knoppix, it's a complete Linux distro that boots and runs from CD. It recognizes your hardware, creates a RAMdisk, and treats your hard drives as read-only.

It also sets up Net access---so as soon as the desktop appears, you can launch a browser and go.

What I'd like to know is, does Knoppix set up a firewall, too? With no automatic security, couldn't someone hack into your system and remount your drives? Should Knoppix be used only offline?

I'd like to use it online, but I can't find anything about this. Feel free to tell me if I'm being paranoid.

Cheers, Ander

Ander 04-11-2003 07:03 AM

(Oops---guess I should've posted this in the Distributions forum. Feel free to move it.)

onurb 04-11-2003 03:18 PM

By default Linux is pretty secure, but if you want to know: do some tests at:
http://www.pcflank.com/about.htm

Bruno

Ander 04-11-2003 06:17 PM

I did the Quick Test and the Trojan test. Here's what they said. (I've omitted the warning about browser referrals; you need to run a proxy to stop those.)
========================================================================

Check for vulnerabilities of your computer system to remote attacks

We have scanned your system for open ports and for ports visible to others on the Internet. As a rule an open port means your computer is vulnerable to attacks by crackers. They gain access to your computer and its files through these open ports.

Warning!
The test found visible port(s) on your system: 21, 23, 80, 135, 137, 138, 139, 1080, 3128

Recommendation:
Install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer invisible (hidden). If it is, then get new firewall software and redo this test.

Trojan horse check

The test scanned your system to find signs of a Trojan. If a Trojan horse is on your computer a cracker can access your system's files and your personal data.

Warning!
The test found visible ports on your system: 27374, 12345, 1243, 31337, 12348.
The following Trojans use these ports: SubSeven, NetBus, SubSeven, Back Orifice, BioNet
Although these ports are visible, they are not open, so your system is not infected. However, having visible ports on your system means your computer can be "seen" over the Internet. This makes it very easy for skillful intruders to explore your system.

Recommendation:
Install personal firewall software and use an anti-Trojan program. If you have a firewall, check if it is set to make all your computer ports invisible (hidden). If it is, then it failed miserably. Replace it and redo this test.

- - - - - - - - - -

The results of Stealth Test

We have sent following packets to TCP:1 port of your machine:

* TCP ping packet
* TCP NULL packet
* TCP FIN packet
* TCP XMAS packet
* UDP packet

Here is the description of possible results on each sent packet:

"Stealthed" - Means that your system (firewall) has successfully passed the test by not responding to the packet we have sent to it.

"Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous.

Packet type    Status
TCP "ping"     non-stealthed
TCP NULL       non-stealthed
TCP FIN        non-stealthed
TCP XMAS       non-stealthed
UDP            non-stealthed

========================================================================

So what's the answer? Run a firewall as soon as you boot Knoppix? How do you do that, anyway? (Sorry for my ignorance.)

And since Knoppix makes such a big deal out of auto-configuring everything, do you think this is a significant oversight?

onurb 04-11-2003 06:59 PM

Well, this looks pretty scary.

However, your Knoppix is read-only; if you've got Windows on the HD, that would be writable and easy to manipulate.

There are two things you could do: turn an old box into a firewall and place it between your computer and the internet.

Or if you're happy with Knoppix, install it on your hard disk, download a firewall and install it.
After all, running Knoppix from CD is only for testing, recovery of other Linux distros, or giving "new" Linuxers a look and feel of what Linux is like.
Installing on HD makes it run faster too (reading CDs is slower than reading HDs).

You can also download another distro; most of them have a firewall in their packages, but all other distros need a HD install too.

Bruno

nakkaya 04-11-2003 07:48 PM

Does this thing work correctly? Because nmap reports no open ports, but this scan reports lots of open ports.
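
Added example, not part of the thread: nmap's "no open ports" and the web scan's "visible" ports can both be true, because a closed port still answers a connection attempt with a TCP reset while a firewalled (dropped) one stays silent. The Python sketch below classifies ports of the machine it runs on using the quoted report's vocabulary; the function names, the loopback default and the one-second timeout are assumptions of this example.

```python
import socket

# Labels follow the vocabulary of the scan report quoted in the thread.
OPEN = "open"                        # a service accepted the connection
VISIBLE = "visible (closed)"         # host replied with a TCP reset, nothing listens
STEALTHED = "stealthed (filtered)"   # no reply before the timeout, e.g. firewall drop

# Ports the quoted report listed as visible (taken from the thread).
REPORTED_PORTS = [21, 23, 80, 135, 137, 138, 139, 1080, 3128]


def probe(host, port, timeout=1.0):
    """Classify one TCP port by how a full connect() attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return VISIBLE
    except socket.timeout:
        return STEALTHED
    except OSError as exc:
        # Anything else, for example no route or an ICMP host-unreachable reply.
        return "error: %s" % exc.strerror
    finally:
        sock.close()


def audit(host="127.0.0.1", ports=REPORTED_PORTS):
    """Return {port: state} for every port in the list."""
    return {port: probe(host, port) for port in ports}


def self_check():
    """Constructed demo: probe a loopback port while a listener exists, then after."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(self_check())
    for port, state in sorted(audit().items()):
        print("%5d  %s" % (port, state))
```

Run against loopback it shows what the host itself answers; a port that reads "visible (closed)" here is what nmap calls closed, and only a packet filter that drops traffic turns it into "stealthed".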

onurb 04-11-2003 07:56 PM

I've done all the PC Flank tests and my machine passed all their tests with good results ( stealthed ), but then I have a good firewall running.

Bruno

PS: PC Flank is the best test-site there is, you could also try GRC:
https://grc.com/x/ne.dll?bh0bkyd2
but they are more focused on Windows machines and the results from them are not to be trusted by Linux users.

Ander 04-12-2003 07:44 PM

onurb> Or if you're happy with Knoppix, install it on your hard disk, download a firewall and install it. After all, running Knoppix from CD is only for testing, recovery of other Linux distros, or giving "new" Linuxers a look and feel of what Linux is like.

Yes, I know about the h/d-install option, which is cool.

As you mention, though, the main idea is that Knoppix can be run temporarily, from CD, without modifying the system. And that's how I want to use it. (It's especially fun for impressing friends who think Linux is lightyears behind Windows.)

But how can you use it if it leaves the system wide-open? Sure, you could always disconnect the machine from the Net first. But the Net is such a big part of computing these days. And what do you tell your friends? "Sorry we can't access the Net, but your system would be vulnerable"? Not very impressive.

onurb> I've done all the PC Flank tests and my machine passed all their tests with good results ( stealthed ), but then I have a good firewall running.

Yes, and I got the same results from my firewalled Windows. But that's the whole point.

I see that "ipchains" is included on the Knoppix CD, and that it has something to do with firewalls. I've read its HOW-TO, though, and a few webpages about it, and I'm still confused---you have to know quite a bit about networks to use it. Besides, why should basic security be so hard with a distribution that claims to automatically configure everything? I don't get it.

onurb 04-13-2003 11:36 AM

A simple solution: as long as you're in Knoppix, unmount your win partitions, because that is the only weak point.

umount /mnt/win_c (umount=unmount without the "n")

Bruno

Ander 04-18-2003 01:05 PM

Okay, thanks. Maybe it's impossible for a CD-boot distro to set up any kind of meaningful security (outside of not mounting the other OS's partitions in the first place).

Cheers, A.


All times are GMT -5.