LinuxQuestions.org
Old 12-05-2006, 01:22 PM   #16
operator10001
Member
 
Registered: Mar 2006
Distribution: debian sarge
Posts: 222

Rep: Reputation: 30

Quote:
Originally Posted by chort
ROFL!

Anarchist: What people who find the idea of personal responsibility uncomfortable call themselves.
Black Hat: What skiddies call themselves.


BTW using a botnet to DDoS someone does not count as "hacking", and could you please explain to me what a "firewall cracker" does? Yeah, I thought so.

I should mention that the word "responsibility" is very loaded. It is a word that lacks conceptualisation. Fuzzy-thinking people that don't know how to understand language misuse that word, since there is no right way to use it.

it slips loaded packets into the packetfilter causing a chain reaction that "unhooks" the firewall causing an exception to the packet filter, allowing access without having to get permission.
My knowledge of the internal operation is very limited. I sure know how to use it though.
 
Old 12-05-2006, 01:47 PM   #17
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
• [in sing.] (responsibility to/toward) a moral obligation to behave correctly toward or in respect of: individuals have a responsibility to control personal behavior.
That's not "loaded" at all. Simply put: you're free to do whatever you want, but you must be accountable for your actions. If you choose to use your freedoms to harm others, then society moves to contain/restrain you. People not comfortable with being accountable for their own actions like to toss around the term "Anarchist" as an excuse. "Hey man, I believe in Anarchy, don't hold me to your rules". Anarchy is usually used as an easy excuse to do whatever you want and not worry about consequences.

As for your so-called "firewall cracker", that sounds like one of the exploits that was demonstrated several years ago for FW-1. I highly doubt it actually works on anything in deployment today (other than ancient versions of FW-1), if you even possess such a thing. And thanks for confirming my skiddie suspicion. You don't know how it works, but you "know how to use it".
 
Old 12-05-2006, 01:55 PM   #18
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,519
Blog Entries: 51

Rep: Reputation: 2599
it slips loaded packets into the packetfilter causing a chain reaction that "unhooks" the firewall causing an exception to the packet filter, allowing access without having to get permission.
You seriously mean something more recent than CVE-2005-0449?

Last edited by unSpawn; 12-05-2006 at 01:57 PM.
 
Old 12-05-2006, 02:07 PM   #19
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by unSpawn
it slips loaded packets into the packetfilter causing a chain reaction that "unhooks" the firewall causing an exception to the packet filter, allowing access without having to get permission.
You seriously mean something more recent than CVE-2005-0449?
Heh, the SecurityFocus advisories involving that CVE are enlightening. It looks like early 2.6 kernels had a lot of "issues". I will grant there are likely a fairly large number of affected systems still around with vulnerable kernels.
 
Old 12-05-2006, 02:37 PM   #20
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114
I am going to join the chorus that says do a complete reinstall. The compromise was serious enough that you can never be sure the system is secure going forward. If the system is mission critical for the company, then bring up a new system to replace it and swap your critical data to the new machine after it is up and configured. Then completely wipe and start over with the compromised computer.

When you bring the system up originally, start with all ports closed, then start opening them selectively until you have only what you need. Make sure iptables (or ipchains if you are sticking with the 2.4 kernel) is up, running, and properly configured.

When I deploy a new server, after I have it up and running to my satisfaction, I immediately make an image of the system partition, which I then store on a DVD. Thus, should I find myself facing your situation (or, should a hard drive fail, etc), I can have my working configuration up and running again just as quickly as I can roll the image back onto the system. If I make significant upgrades or changes to the system, I make a new image.

You should establish this procedure for any business system you deploy. Combined with keeping /home on a separate drive from the system, you wind up with a capability to quickly recover from just about anything.
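
An added example, not part of jiml8's post: a shell script illustrating the "all ports closed, then open selectively" approach described above. `gen_ruleset` emits an `iptables-restore` ruleset with a default DROP policy, and `unexpected_listeners` reports listening TCP ports that are not on the allow-list; the function names, the port choices and the netstat sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny ruleset plus listener audit.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PORT...: print an iptables-restore filter table that drops
# everything inbound except loopback, replies, and new TCP to the given ports.
# All ports are validated first so a bad argument never yields a partial ruleset.
gen_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# unexpected_listeners PORT...: read `netstat -tln` output on stdin and print
# every listening TCP port that is not in the allowed list, one per line.
# Loopback-only listeners are reported too, so they get reviewed as well.
unexpected_listeners() {
    allowed=" $* "
    awk '$6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un |
    while read -r port; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Constructed sample of `netstat -tln` output for a freshly installed host.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22       0.0.0.0:*      LISTEN
tcp        0      0 0.0.0.0:111      0.0.0.0:*      LISTEN
tcp        0      0 127.0.0.1:631    0.0.0.0:*      LISTEN
tcp6       0      0 :::80            :::*           LISTEN'
```

On a real host the ruleset would be piped to `iptables-restore` as root, and `netstat -tln` would be piped into `unexpected_listeners` so that services outside the allow-list can be stopped rather than merely filtered.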
 
Old 12-05-2006, 06:30 PM   #21
operator10001
Member
 
Registered: Mar 2006
Distribution: debian sarge
Posts: 222

Rep: Reputation: 30
Quote:
Originally Posted by chort
That's not "loaded" at all. Simply put: you're free to do whatever you want, but you must be accountable for your actions. If you choose to use your freedoms to harm others, then society moves to contain/restrain you. People not comfortable with being accountable for their own actions like to toss around the term "Anarchist" as an excuse. "Hey man, I believe in Anarchy, don't hold me to your rules". Anarchy is usually used as an easy excuse to do whatever you want and not worry about consequences.

As for your so-called "firewall cracker", that sounds like one of the exploits that was demonstrated several years ago for FW-1. I highly doubt it actually works on anything in deployment today (other than ancient versions of FW-1), if you even possess such a thing. And thanks for confirming my skiddie suspicion. You don't know how it works, but you "know how to use it".

I use my freedom for my own honest interest only. The subhumans have constrained me and my actions for working for the good of everyone and the only way to make progress was to rebel. All philosophers of all stripes all say it EXACTLY the same way, "not without the sanction of the victim".

The Linux version still works just fine. The Windows version needs updates a lot.

Yes, I admit to being a script kiddie.
 
Old 12-05-2006, 06:31 PM   #22
operator10001
Member
 
Registered: Mar 2006
Distribution: debian sarge
Posts: 222

Rep: Reputation: 30
Quote:
Originally Posted by unSpawn
it slips loaded packets into the packetfilter causing a chain reaction that "unhooks" the firewall causing an exception to the packet filter, allowing access without having to get permission.
You seriously mean something more recent than CVE-2005-0449?

To the best of my knowledge, it's updated monthly.
 
Old 12-05-2006, 07:08 PM   #23
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,519
Blog Entries: 51

Rep: Reputation: 2599
As moderator I chose to close this thread as I should have done earlier on. People who read this thread should take post #14 as the end of this thread and treat the rest, with the exception of #20, as off-topic. If operator10001 or chort care to continue our discourse let me know and I'll move those parts to the General forum.
 
  

