Linux Help
Hacker Attack / Probing The Firewall
Robert83
post Mar 19 2004, 07:10 AM
Post #1


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069



Hi,

Hughesjr, I would like to ask for your help... please! :)

As you know, I've got a firewall computer set up the way you told me to, using iptables as you told me to.

Today I've received an offer that some company wants me to install a firewall system for them, but first a hacker [who said that he can "hack any linux"? :) <- I think he thinks he's a demi-god or something] will try to hack my firewall, and if he fails at it, I will get the job.

So I would kindly like to ask you, please tell me, what packages can I remove with rpm -e from a fully installed firewall setup? [So that even if he gets in, nothing will be served on a dish (hope I spelled this right?) to him.]

And how safe is it to watch users like this:

watch w [since I'm nervous right now]. I think this way I can see if someone creates a user on the firewall computer, right? Is there a security risk in doing this monitoring with watch w?

Please be so kind, if you have some time, help me :)

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
hughesjr
post Mar 19 2004, 07:34 AM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Christi, TX, USA
Member No.: 1,151



How sure are you that this is a legitimate offer?

.... if he is so smart ... why doesn't he just set up the firewall himself?

Let me be perfectly clear ... any firewall can be hacked....if someone is willing to spend enough time and effort.

Your firewall logs immediately go into the /var/log/messages file ... and however often you run the script we wrote, they get moved to /var/log/iptables ...

If you know the time that the test is going to happen ... just tail /var/log/messages and when you see a scan (i.e. several ports being attempted at the same time from the same IP), just block that IP totally....

the command to tail /var/log/messages would be something like this:

tail -n 35 -f /var/log/messages

then when you see this guy trying to get in, just add this line at the top of your input section....

iptables -A INPUT -i outside_eth_card -s his_ip -d 0.0.0.0/0 -j drop-and-log-it

restart iptables

then every packet that comes from him will be dropped....
---------------------
You should be able to use watch as well with no problems...


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
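
As an added example (not part of the original posts): a small shell filter that does what post #2 describes doing by eye, flagging any source IP that tries several distinct ports within the same minute of the iptables log and printing the block rule from the post for review. It assumes the standard kernel LOG fields SRC= and DPT=; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes kernel LOG-target fields (SRC=, DPT=) in syslog lines.

# Constructed sample log (documentation IP ranges, made-up host "fw").
sample_log() {
    cat <<'EOF'
Mar 19 07:20:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40112 DPT=21 SYN
Mar 19 07:20:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40113 DPT=22 SYN
Mar 19 07:20:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=25 SYN
Mar 19 07:20:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40114 DPT=23 SYN
Mar 19 07:20:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40115 DPT=25 SYN
Mar 19 07:20:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40116 DPT=80 SYN
Mar 19 07:20:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40117 DPT=22 SYN
Mar 19 07:20:04 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=25 SYN
Mar 19 07:20:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
Mar 19 07:20:30 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51002 DPT=80 SYN
EOF
}

# scan_sources THRESHOLD: read log lines on stdin, print "ip distinct_ports minute"
# for every source that hit at least THRESHOLD distinct ports in one minute.
scan_sources() {
    awk -v min="$1" '
    / SRC=/ && / DPT=/ {                  # lines without a port (ICMP) are skipped
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        bucket = $1 " " $2 " " substr($3, 1, 5)   # syslog time, to the minute
        key = src SUBSEP bucket
        if (!((key, dpt) in seen)) { seen[key, dpt] = 1; ports[key]++ }
    }
    END {
        for (k in ports) if (ports[k] >= min) {
            split(k, p, SUBSEP)
            print p[1], ports[k], p[2]
        }
    }' | sort
}

# block_rules: turn scan_sources output into the rule from the post, printed for
# review only; outside_eth_card and drop-and-log-it are the post's own placeholders.
block_rules() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        print "iptables -A INPUT -i outside_eth_card -s " $1 " -d 0.0.0.0/0 -j drop-and-log-it"
    }'
}

sample_log | scan_sources 4 | block_rules
```

On the firewall, feed it the real log instead of the sample, e.g. `scan_sources 4 < /var/log/messages`. A scan that straddles a minute boundary is split across two buckets, so keep the threshold low.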
Robert83
post Mar 19 2004, 08:49 AM
Post #3





Hi,

Thanks for the answer. I'm perfectly clear on that fact, hughesjr: no matter what I do, I can be hacked.

But about the packages: what packages can I remove after setting up the firewall, packages that are safe to remove... so that not many potential security holes are left on that firewall...

Thank you!

P.S.: the offer I think is legitimate, he will leave a message in my /home if he succeeds, but about the time I know nothing, but if I do that tail -n 35 -f /var/log/messages with watch, is this good?

Sincerely
Robert B


hughesjr
post Mar 19 2004, 09:28 AM
Post #4





If you do tail (with the switches I used) ... you don't need to use watch .... that tail command will update as the file updates....

I don't like to remove items from an install lower than the minimum install for a distro (which is how I think you installed the firewall). Then you added only things like chkrootkit, tripwire, etc. You could always remove programs you never use ... but I normally don't go below the Minimum install.

Just make sure you have the latest updates....

