[plug] Fw: I am so sorry!Your hosts was hacked!
Travis Read
travisr at rave.iinet.net.au
Mon Apr 9 10:35:39 WST 2001
Correct me if I'm wrong, if you use ipchains and block all external direct
connections to your gateway then chances are, you're safe?
Trav
On Mon, 9 Apr 2001, Simon Scott wrote:
> Given enough time, any machine on the net could be compromised.
>
> Just how many machines do these people need? How likely is it that
> if your box is compromised that it would be used for anything at all?
>
> It's a game for most hackers, just to see if they can... the result
> of compromising your box is that they move on and try to compromise the
> next. Mostly they do no damage, and if they do, it is a simple case of
> ghosting your 'known-good' root image, restoring /home from tape and
> upgrading the offending service. Then sit around waiting for the next hole
> to be found.
>
> And if they were really serious about using your box, would they
> alert you to the fact that it's been compromised? Most people's reaction would
> be to drop the box off the breeze and reinstall with something newer. What
> does this achieve? They lose access, until they compromise it next time.
> Hell, I'm at work most of the day and some days I don't even go downstairs to
> use my boxen. My server could be compromised and used in a DOS attack in
> between me being there. Does that make me liable? If I spend 24x7 trying to
> maintain security and my box is still used for something sinister, am I
> still liable? Is my liability level a direct relation to the versions of
> stuff I had installed at the time?
>
> I get 3-4 attacks on my machine a week, mostly an obvious buffer
> overflow attempt on identd or some other service.
>
> I retain my stance of 10 years ago - if it's important, it shouldn't
> be on the net. There is no guarantee of security, and if nothing sensitive
> is on the net then it doesn't matter if my box is compromised or not. Why do
> NASA have anything on the net that may be sensitive? You are NEVER going to
> be 100% secure. Someone will ALWAYS be able to compromise your box. So why
> play the game?
>
> To me it is a bigger social issue of why these 14 yr olds have
> nothing else to do with their time. One benefit I suppose is that they
> probably get good training in unix/networking along the way. The bad
> side-effect is that most people have an irrational over-reaction about
> securing the magnetic bits on their hard drives. People are wasting their
> lives staring at errata sites waiting for some security issue or another,
> trying to stay ahead of the competition. SOOO much time is wasted that would
> be better used constructively. So I refuse.
>
> Most people today, even experienced admins, don't have a clue about
> security. Especially in MS circles, security is sold as a product (Firewall
> XYZ) but in reality it is a long and hard process of trying to keep
> up-to-date. And even then there are no guarantees. I would hazard a guess
> that most sites on the net are run by some buffoon without a clue, and are
> just waiting to be compromised.
>
> So why should I care about my little p100 sitting on an adsl link?
>
> From: Matt Kemner <zombie at wasp.net.au> on 09-04-2001 09:54 AM
> Please respond to plug at plug.linux.org.au@SMTP at Exchange
> To: plug at plug.linux.org.au@SMTP at Exchange
> cc:
>
> Subject: Re: [plug] Fw: I am so sorry!Your hosts was hacked!
>
> On Mon, 9 Apr 2001, Simon Scott wrote:
>
> > Ask yourself 1 question..... do you really care?
>
> Simon, you had better care.
> The main reason for someone wanting to crack your box, no matter how
> pitiful it is, is to use it as a launchpad to either break into somewhere
> else, or flood someone else's network (Denial of Service)
>
> You are responsible for anything that comes from a machine that is
> supposed to be under your control, so it is you that will be talking to
> the authorities if it happens.
>
> Just a few days ago I got a notice from one of my suppliers saying that
> someone on IP address such and such at such and such time attempted to
> crack one of NASA's sites, and would I be so kind as to terminate the
> customer's account immediately, but to keep their details and await to be
> contacted by the appropriate authorities.
>
> As it was, I happen to know said customer really well, and I knew there
> was no chance of them being responsible - and I also knew they were using
> a very old version of RedHat on their gateway (not installed by me)
> and that the chances are very high it was broken into and used by someone
> else - and my supplier was happy with my assurance that said machine would
> be taken off-line immediately and formatted/installed an up-to-date
> version of Linux before being put back online.
>
> If I hadn't known the customer that well, they would have found themselves
> without Internet access and with a whole lot of explaining to do.
>
> Anyway, sorry for the rant, don't take it too personally, I'm just
> concerned that so many people are blasé about the whole security thing
> when it should be a top priority for everyone.
>
> - Matt
--
Kind regards,
Travis Read
iiNet Senior Support | Ph +61 8 9214 2222 Fx +61 8 9214 2211
travisr at corporate.iinet.net.au | 250 St Georges Terrace, Perth WA 6000
" there is a war going on, it's not about who has the most bullets,
it's about who controls the information " - SNEAKERS