Re: [MLUG] Re: hacking for the grade

["Shawn Parker" <EMAIL:PROTECTED>]

on a side note, the first linux box i put online at my house when i
moved to columbia had anonymous ftp configured. within 5 days, i had
25+gig of media files and strange directory structures. since then,
i've always disabled anonymous ftp services.

:)

On 3/2/06, Shawn Parker <EMAIL:PROTECTED> wrote:
> i won't say 'impossible' simply because anything can be cracked given
> enough skill, time and effort. but, if you lock down a linux box by
> ensuring all unused ports are closed, all user accounts are configured
> correctly (permissions, access, etc) and you disable all unused
> daemons then it's certainly going to be tough to crack.
>
>  there have been exploitable code flaws in apache, mysql and php in
> recent months. not too mention if you don't lock mysql down right then
> sql injections could wreak havoc on your system and provide a back way
> in.
>
> that said, i have a debian lamp box at my house that has survived 6+
> months of daily brute force attempts and, i'm sure, other malicious
> attacks. i get ping of death warnings in my firewall logs sometimes.
>
> so far, none of them have been successful. and, i'm by no means a
> security expert. i have faith in the security of linux.
>
> On 3/2/06, Mike Miller <EMAIL:PROTECTED> wrote:
> > Moved to Membership list:
> >
> > On Thu, 2 Mar 2006, George B. Robb III wrote:
> >
> > > For entertainment it would be fun to see an old NT 4.0 with IIS 3.5
> > > enabled next to the LAMP boxes...
> > >
> > > F to the students that can't crack the IIS box...
> > >
> > > :)
> > >
> > > Shawn Parker wrote:
> > >
> > >> http://www.securitydump.com/content141.html
> > >>
> > >> it would be easy for the professor to set up a couple of LAMP boxes for
> > >> the assignment.
> >
> >
> > I do have a question below...
> >
> > I just submitted a grant where I plan to do all the data management work
> > on a nice shining new Linux server with Apache/MySQL/PHP.  A couple of
> > people asked if Linux was suitable for this kind of thing.  I added this
> > wording in response to those questions:
> >
> >    Linux operating systems have become predominant in high-end computing
> >    in recent years.  All major producers of proprietary UNIX operating
> >    systems also offer Linux on their biggest systems (IBM, SGI, Sun, HP)
> >    and all of the supercomputers purchased recently by our Minnesota
> >    Supercomputing Institute are running Linux (SGI Altix, IBM Netfinity and
> >    IBM BladeCluster).
> >
> > I find that people think that Linux must be good if our supercomputing
> > institute is using it.  It does seem like Linux doesn't quite get the
> > respect it deserves, but maybe that's just because of the advertising
> > budget! ;-)
> >
> > So here's my question:  If the LAMP box is set up and configured
> > appropriately with minimal services, won't it be virtually impossible for
> > someone to crack it?  We'll be using SSH and Apache and just about nothing
> > else (probably VNC via SSH port forwarding), and SSH connections will be
> > limited to the local network (via tcp wrappers) with VPN for outside.  I
> > don't think it will be cracked, but if it is, we'll have tripewire, etc.,
> > to detect intrusion.  We also have very frequent tape backups so that we
> > can recover pre-intrusion data.
> >
> > Mike
> >
> > _______________________________________________
> > members mailing list
> > EMAIL:PROTECTED
> > http://mlug.missouri.edu/mailman/listinfo/members
> >
>
>
> --
> shawn
>


--
shawn

_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members