[ale] firewalls on cd

Geoffrey esoteric at 3times25.net
Tue Dec 18 16:45:54 EST 2001


Charles Marcus wrote:
> 
> Coyote Linux is pretty kewl.  It is designed to run from a floppy, but you
> could probably hack it to run from a CD, but don't see why you'd want to do
> that... just keep backups of your boot disk and firewall scripts, and you'll
> be fine.

As long as you have controlled access to the floppy drive, you can make
it as unwritable as the cdrom.

> 
> Charles
> 
> > -----Original Message-----
> > From: John Wells [mailto:jbwellsiv at yahoo.com]
> > Sent: Tuesday, December 18, 2001 4:19 PM
> > To: Ale at ale.org
> > Subject: [ale] firewalls on cd (was [ale] unidentified processes)
> >
> >
> > Dow,
> >
> > Thanks for your reply, and for everyone who has helped
> > on my first iptables outing.
> >
> > Running a bootable CD sounds like a great idea...and
> > there seems to be quite a few options out there.  Does
> > anyone have recommendations on which to use?  I've run
> > across Sentry Firewall CD...what others are available?
> >
> > Thanks,
> > John
> >
> >
> > --- Dow Hurst <dhurst at kennesaw.edu> wrote:
> > > John,
> > > Even though James' email is funny, he is absolutely
> > > correct in the
> > > approach.  The portmapper and rpc.statd are RPC
> > > based processes along
> > > with NFS and NIS (RPC uses UDP traditionally instead
> > > of TCP
> > > connections).  The portmapper advertises what RPC
> > > services are available
> > > on particular ports to remote requests.  rpc.statd
> > > lets remote
> > > applications and remote machines "know" what the
> > > status of the local
> > > machine or application that is RPC enabled is.
> > > Both services are
> > > easily spoofed, cracked, and known cracks are
> > > available for both.  Since
> > > you have had those running, as well as ftpd, you
> > > should reload from
> > > scratch and choose to format your partitions too.
> > > This is faster and
> > > less prone to mistakes than working through proving the
> > > machine is clean.
> > > (Even though that would be very educational!)  No
> > > service should be run
> > > directly on a firewall machine that doesn't have to
> > > be.  That is why it
> > > is recommended that you have a server inside your
> > > network for services
> > > like Samba, NFS, and appletalk and not combine your
> > > firewall server with
> > > that machine.  Running your firewall from a CD
> > > filesystem is a beautiful
> > > suggestion.  Your cracker is limited even more by
> > > not being able to
> > > change the read only system.  I need to look into
> > > that!
> > >
> > > One major difficulty in setting up a firewall for
> > > people not intimate
> > > with Linux, or any OS that is used, is that default
> > > choices during
> > > install can leave you quite vulnerable and you're not
> > > even aware of it till
> > > you learn more.  Use "netstat -an" to prove that you
> > > have *only* sshd
> > > advertising a service on port 22 before you hook
> > > back up to the
> > > Internet.  You don't even have to have that, except
> > > it is convenient and
> > > secure for remote admin.
> > >
> > > Here is an excerpt from an email Bob sent me just
> > > the other day:
> > > "Btw, we just put up the first of 4 firewalls at
> > > this client (in
> > > Europe).
> > > It took only one hour and 34 minutes for someone to
> > > discover it and
> > > start
> > > breaking into it.  Within 20 minutes after that, a
> > > second cracker joined
> > > in."
> > >
> > > So you see it doesn't take long for a scan to find
> > > you and start to
> > > reveal possible entry points.  I would just reload
> > > to be on the safe
> > > side.  With more experience and a good "dd" backup,
> > > you can quickly
> > > identify differences in a file system to see if you're
> > > hacked.  At my
> > > workplace, we have been recovering from several
> > > crackers for the past
> > > year.  Nov. 2000 we had the telnetd hole exploited
> > > on most of our SGIs.
> > > We don't have much manpower to rebuild systems and
> > > keep our work moving
> > > along, so it has taken all year to work on
> > > rebuilding machines.  Hope
> > > this helps,
> > > Dow
> > >
> > >
> > > John Wells wrote:
> > > >
> > > > In addition to ftp and ssh, I have two processes
> > > > running on ports 111 and 1024.  They both seem to
> > > work
> > > > with rpc, and are the portmapper and rpc.statd
> > > > respectively.
> > > >
> > > > Can I disable these processes without any effect
> > > to my
> > > > system?  If so, I assume I just remove the links
> > > to
> > > > the startup scripts from my runlevel's startup
> > > > directory.
> > > >
> > > > Also, how insecure is it to run ftp on my
> > > > router/firewall box?
> > > >
> > > > Thanks,
> > > > John
> > > >
> > > >
> > > > ---
> > > > This message has been sent through the ALE general
> > > discussion list.
> > > > See http://www.ale.org/mailing-lists.shtml for
> > > more info. Problems should be
> > > > sent to listmaster at ale dot org.
> > >
> > > --
> > >
> > > __________________________________________________________
> > > Dow Hurst                   Office: 770-499-3428
> > > Systems Support Specialist  Fax:    770-423-6744
> > > 1000 Chastain Rd.
> > > Chemistry Department SC428
> > > Email:dhurst at kennesaw.edu
> > > Kennesaw State University
> > > Dow.Hurst at mindspring.com
> > > Kennesaw, GA 30144
> > > *********************************
> > > *Computational Chemistry is fun!*
> > > *********************************
> > >
> > >
> >
> >
> >
> >
> >
> 

--
Until later: Geoffrey		esoteric at 3times25.net

"...the system (Microsoft passport) carries significant risks to users that
are not made adequately clear in the technical documentation available."
- David P. Kormann and Aviel D. Rubin, AT&T Labs - Research
- http://www.avirubin.com/passport.html
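The "netstat -an" check Dow recommends above, scripted so it can be run over
captured output offline, as an added example that is not code from the thread
or from any of the posters. It assumes the Linux netstat -an column layout
(Proto Recv-Q Send-Q Local Foreign [State]); the sample output is constructed
to resemble the poster's box (ftpd, sshd, portmapper on 111, rpc.statd on
1024), and the allowed-port list is a parameter introduced here.

```shell
#!/bin/sh
# Added example, not code from the thread: audit `netstat -an` output so that
# only sshd on port 22 (or whatever you allow) is advertising a service before
# the box goes back on the Internet.  Assumes Linux `netstat -an` columns;
# ss(8) prints different columns and would need the awk fields adjusted.

# unexpected_listeners [allowed_ports]
# Reads netstat -an lines on stdin.  Prints "proto local_address" for every TCP
# socket in LISTEN state and every bound UDP socket whose local port is not in
# the space-separated allow-list (default: 22).
unexpected_listeners() {
    awk -v allowed="${1:-22}" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    function report(proto, addr,   port) {
        port = addr
        sub(/.*:/, "", port)          # drop the address part, keep the port
        if (!(port in ok)) print proto, addr
    }
    $1 ~ /^(tcp|tcp6)$/ && $NF == "LISTEN" { report($1, $4) }
    $1 ~ /^(udp|udp6)$/                    { report($1, $4) }
    '
}

# only_sshd_listening [allowed_ports]
# Exit status 0 if nothing outside the allow-list is bound, 1 otherwise.
only_sshd_listening() {
    [ -z "$(unexpected_listeners "${1:-22}")" ]
}

# Constructed sample, not real captured output: ftpd (21), sshd (22),
# portmapper (111) and rpc.statd (1024) on both TCP and UDP, plus one
# established ssh session, which must not be reported.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          192.168.1.50:40212      ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:1024            0.0.0.0:*'

# Demonstration on the sample.  On a live box:  netstat -an | unexpected_listeners 22
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22"
if printf '%s\n' "$SAMPLE_NETSTAT" | only_sshd_listening "22"; then
    echo "clean: only allowed ports are bound"
else
    echo "NOT clean: stop or firewall the services above before reconnecting"
fi
```

On the sample this lists the portmapper and rpc.statd sockets on both
protocols plus ftpd, and reports the box as not clean; the established ssh
session is ignored because only LISTEN-state TCP entries count. Pass a wider
allow-list (e.g. "21 22") only for services you have deliberately decided to
run on the firewall itself.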
