LinuxQuestions.org
Old 04-11-2003, 07:30 AM   #1
Ander
Member
 
Registered: Apr 2003
Location: Vancouver
Distribution: Debian
Posts: 37

Rep: Reputation: 15
Is Knoppix dangerous?


Hi,

I've been running Knoppix (www.knoppix.org) to learn about Linux before I do an actual install.

In case anyone isn't familiar with Knoppix, it's a complete Linux distro that boots and runs from CD. It recognizes your hardware, creates a RAMdisk, and treats your hard drives as read-only.

It also sets up Net access---so as soon as the desktop appears, you can launch a browser and go.

What I'd like to know is, does Knoppix set up a firewall, too? With no automatic security, couldn't someone hack into your system and remount your drives? Should Knoppix be used only offline?

I'd like to use it online, but I can't find anything about this. Feel free to tell me if I'm being paranoid.

Cheers, Ander

Last edited by Ander; 04-11-2003 at 07:35 AM.
 
Old 04-11-2003, 08:03 AM   #2
Ander
Member
 
Registered: Apr 2003
Location: Vancouver
Distribution: Debian
Posts: 37

Original Poster
Rep: Reputation: 15
(Oops---guess I should've posted this in the Distributions forum. Feel free to move it.)
 
Old 04-11-2003, 04:18 PM   #3
onurb
Member
 
Registered: Dec 2002
Posts: 263

Rep: Reputation: 30
By default Linux is pretty secure, but if you want to know: do some tests at:
http://www.pcflank.com/about.htm

Bruno

Last edited by onurb; 04-11-2003 at 09:05 PM.
 
Old 04-11-2003, 07:17 PM   #4
Ander
Member
 
Registered: Apr 2003
Location: Vancouver
Distribution: Debian
Posts: 37

Original Poster
Rep: Reputation: 15
I did the Quick Test and the Trojan test. Here's what they said. (I've omitted the warning about browser referrals; you need to run a proxy to stop those.)
========================================================================

Check for vulnerabilities of your computer system to remote attacks

We have scanned your system for open ports and for ports visible to others on the Internet. As a rule an open port means your computer is vulnerable to attacks by crackers. They gain access to your computer and its files through these open ports.

Warning!
The test found visible port(s) on your system: 21, 23, 80, 135, 137, 138, 139, 1080, 3128

Recommendation:
Install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer invisible (hidden). If it is, then get new firewall software and redo this test.

Trojan horse check

The test scanned your system to find signs of a Trojan. If a Trojan horse is on your computer a cracker can access your system's files and your personal data.

Warning!
The test found visible ports on your system: 27374, 12345, 1243, 31337, 12348.
The following Trojans use these ports: SubSeven, NetBus, SubSeven, Back Orifice, BioNet
Although these ports are visible, they are not open, so your system is not infected. However, having visible ports on your system means your computer can be "seen" over the Internet. This makes it very easy for skillful intruders to explore your system.

Recommendation:
Install personal firewall software and use an anti-Trojan program. If you have a firewall, check if it is set to make all your computer ports invisible (hidden). If it is, then it failed miserably. Replace it and redo this test.

- - - - - - - - - -

The results of Stealth Test

We have sent following packets to TCP:1 port of your machine:

* TCP ping packet
* TCP NULL packet
* TCP FIN packet
* TCP XMAS packet
* UDP packet

Here is the description of possible results on each sent packet:

"Stealthed" - Means that your system (firewall) has successfuly passed the test by not responding to the packet we have sent to it.

"Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous.

Packet' type    Status
TCP "ping"      non-stealthed
TCP NULL        non-stealthed
TCP FIN         non-stealthed
TCP XMAS        non-stealthed
UDP             non-stealthed

========================================================================

So what's the answer? Run a firewall as soon as you boot Knoppix? How do you do that, anyway? (Sorry for my ignorance.)

And since Knoppix makes such a big deal out of auto-configuring everything, do you think this is a significant oversight?
 
Old 04-11-2003, 07:59 PM   #5
onurb
Member
 
Registered: Dec 2002
Posts: 263

Rep: Reputation: 30
Well, this looks pretty scary.

However, your Knoppix is read-only; if you've got Windows on the HD, that would be writable and easy to manipulate.

There are two things you could do: turn an old box into a firewall and place it between your computer and the internet.

Or if you're happy with Knoppix, install it on your hard disk, download a firewall and install it.
After all, running Knoppix from CD is only for testing, recovery of other Linux distros, or giving "new" linuxers a look and feel of what Linux is like.
Installing on HD makes it run faster too (reading CDs is slower than reading HDs).

You can also download another distro; most of them have a firewall in their packages, but all other distros need a HD install too.

Bruno

Last edited by onurb; 04-11-2003 at 08:07 PM.
 
Old 04-11-2003, 08:48 PM   #6
nakkaya
LQ Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
Does this thing work correctly? Because nmap reports no open ports, but this scan reports lots of open ports.
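
Added example, not part of the original thread: a check run on the scanned machine itself that compares the ports the online scan listed in post #4 with the IPv4 sockets the host is actually listening on, which is the discrepancy raised in post #6. The SAMPLE text and the function names are constructed for illustration; the parser assumes a little-endian host and reads only /proc/net/tcp, so IPv6 listeners are out of scope.

```python
import socket
import struct

# Ports the online scan quoted in post #4 listed as "visible".
SCAN_REPORTED = [21, 23, 80, 135, 137, 138, 139, 1080, 3128,
                 27374, 12345, 1243, 31337, 12348]
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not from a real host): a listener
# on 0.0.0.0:6000, a loopback-only one on 127.0.0.1:631, one established flow.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235
   2: 0A01A8C0:8123 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1236
"""


def listeners(proc_net_tcp_text):
    """Return sorted (address, port) pairs for IPv4 sockets in LISTEN state."""
    found = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Assumes a little-endian host (x86): the address is a host-order word.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        found.add((addr, int(hex_port, 16)))
    return sorted(found)


def reachable_ports(pairs):
    """Ports bound to a non-loopback address, so reachable from the network."""
    return sorted({port for addr, port in pairs if not addr.startswith("127.")})


def compare(scan_ports, proc_text):
    """Split a remote scan report by whether this host really listens there."""
    exposed = set(reachable_ports(listeners(proc_text)))
    return {"confirmed": sorted(exposed & set(scan_ports)),
            "no_local_listener": sorted(set(scan_ports) - exposed),
            "missed_by_scan": sorted(exposed - set(scan_ports))}


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live data when run on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE
    print(compare(SCAN_REPORTED, text))
```

A port that lands under no_local_listener is not being served by this machine, whatever the remote report calls it; a port under missed_by_scan is a real network-reachable listener the report did not mention.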
 
Old 04-11-2003, 08:56 PM   #7
onurb
Member
 
Registered: Dec 2002
Posts: 263

Rep: Reputation: 30
I've done all the PC Flank tests and my machine passed all their tests with good results ( stealthed ), but then I have a good firewall running.

Bruno

PS: PC Flank is the best test-site there is, you could also try GRC:
https://grc.com/x/ne.dll?bh0bkyd2
but they are more focused on Windows machines and the results from them are not to be trusted by Linux users.

Last edited by onurb; 04-11-2003 at 09:07 PM.
 
Old 04-12-2003, 08:44 PM   #8
Ander
Member
 
Registered: Apr 2003
Location: Vancouver
Distribution: Debian
Posts: 37

Original Poster
Rep: Reputation: 15
onurb> Or if you're happy with Knoppix, install it on your hard disk, download a firewall and install it. After all, running Knoppix from CD is only for testing, recovery of other Linux distros, or giving "new" linuxers a look and feel of what Linux is like.

Yes, I know about the h/d-install option, which is cool.

As you mention, though, the main idea is that Knoppix can be run temporarily, from CD, without modifying the system. And that's how I want to use it. (It's especially fun for impressing friends who think Linux is lightyears behind Windows.)

But how can you use it if it leaves the system wide-open? Sure, you could always disconnect the machine from the Net first. But the Net is such a big part of computing these days. And what do you tell your friends? "Sorry we can't access the Net, but your system would be vulnerable"? Not very impressive.

onurb> I've done all the PC Flank tests and my machine passed all their tests with good results ( stealthed ), but then I have a good firewall running.

Yes, and I got the same results from my firewalled Windows. But that's the whole point.

I see that "ipchains" is included on the Knoppix CD, and that it has something to do with firewalls. I've read its HOW-TO, though, and a few webpages about it, and I'm still confused---you have to know quite a bit about networks to use it. Besides, why should basic security be so hard with a distribution that claims to automatically configure everything? I don't get it.
 
Old 04-13-2003, 12:36 PM   #9
onurb
Member
 
Registered: Dec 2002
Posts: 263

Rep: Reputation: 30
A simple solution: as long as you're in Knoppix, unmount your win partitions, because that is the only weak point.

umount /mnt/win_c (umount=unmount without the "n")

Bruno
 
Old 04-18-2003, 02:05 PM   #10
Ander
Member
 
Registered: Apr 2003
Location: Vancouver
Distribution: Debian
Posts: 37

Original Poster
Rep: Reputation: 15
Okay, thanks. Maybe it's impossible for a CD-boot distro to set up any kind of meaningful security (outside of not mounting the other OS's partitions in the first place).

Cheers, A.
 
  

