Full Version: Hacker Attack / Probing The Firewall
Robert83
Hi,

hughesjr, I would like to ask for your help... please!

As you know, I've got a firewall computer set up the way you told me to, using the iptables as you told me to.

Today I've received an offer that some company wants me to install a firewall system for them, but first a hacker [who said that he can "hack any linux"? <- I think he thinks he's a demi-god or something] will try to hack my firewall, and if he fails at it, I will get the job.

So I would kindly like to ask you, please tell me, what packages can I remove with rpm -e from a fully installed setup firewall...? [so that even if he gets in, nothing will be served on a dish [?hope I spelled this right] to him].

And how safe is it to watch users like this:

watch w [since I'm nervous right now]. I think this way I can see if someone creates a user on the firewall computer, right? Is there a security risk doing this monitoring with watch w?

Please be so kind, if you have some time, help me.

Sincerely
Robert B
hughesjr
How sure are you that this is a legitimate offer?

.... if he is so smart ... why doesn't he just set up the firewall himself?

Let me be perfectly clear ... any firewall can be hacked....if someone is willing to spend enough time and effort.

Your firewall logs immediately go into the /var/log/messages file ... and however often you run the script we wrote, they get moved to /var/log/iptables ...

If you know the time that the test is going to happen ... just tail /var/log/messages and when you see a scan (i.e. several ports being attempted at the same time from the same IP), just block that IP totally....

the command to tail /var/log/messages would be something like this:

tail -n 35 -f /var/log/messages

then when you see this guy trying to get in, just add this line at the top of your input section....

iptables -A INPUT -i outside_eth_card -s his_ip -d 0.0.0.0/0 -j drop-and-log-it

restart iptables

then every packet that comes from him will be dropped....
---------------------
You should be able to use watch as well with no problems...
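
The check hughesjr describes above (several ports attempted at about the same time from the same IP), run over log lines instead of by eye. This is an added example, not part of the original thread; it assumes syslog-style netfilter LOG entries carrying SRC= and DPT= fields, the thresholds (5 distinct ports within 10 seconds) are illustrative assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog timestamp, then the SRC= and DPT= fields of a netfilter LOG entry.
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?\bSRC=(?P<src>[\d.]+)"
                     r"\s.*?\bDPT=(?P<dpt>\d+)")

def parse(line):
    """Return (time, source_ip, dest_port), or None for lines without a port."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog omits the year; pin one so parsing is unambiguous.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])

def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Map sources that hit >= min_ports distinct ports in one window to all ports tried."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        hits[rec[1]].append((rec[0], rec[2]))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({port for _, port in events[start:end + 1]}) >= min_ports:
                scanners[src] = sorted({port for _, port in events})
                break
    return scanners

def _line(ts, src, dpt):  # builds one constructed log line
    return (f"Mar  3 {ts} fw kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.1 "
            f"LEN=60 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample: a fast multi-port sweep, a repeated single-port retry,
# a slow sweep spread over minutes, and an ICMP entry that has no DPT field.
SAMPLE = (
    [_line(f"14:02:{10 + i // 3}", "203.0.113.7", p)
     for i, p in enumerate((21, 22, 23, 25, 80, 110))]
    + [_line(f"14:02:{s}", "198.51.100.23", 22) for s in ("05", "20", "40")]
    + [_line(f"14:{m:02d}:00", "198.51.100.99", p)
       for m, p in enumerate((22, 25, 80, 110, 443), start=3)]
    + ["Mar  3 14:02:12 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.1 PROTO=ICMP TYPE=8"]
)
```

With the default window only 203.0.113.7 is reported; the slow sweep from 198.51.100.99 shows up only when the window is widened to minutes, which is the trade-off to tune against your own traffic.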
Robert83
Hi,

Thanks for the answer. I'm perfectly clear on that fact, hughesjr: no matter what I do I can be hacked.

But about those packages, what packages can I remove after setting up the firewall, packages that are safe to remove... so that not many potential security holes are left on that firewall...

Thank you!

P.S.: The offer I think is legitimate; he will leave a message in my /home if he succeeds, but about the time I know nothing. But if I do that tail -n 35 -f /var/log/messages with watch, is this good?

Sincerely
Robert B
hughesjr
If you do tail (with the switches I used) ... you don't need to use watch .... that tail command will update as the file updates....

I don't like to remove items from an install lower than the minimum install for a distro (which is how I think you installed the firewall). Then you added only things like chkrootkit, tripwire, etc. You could always remove programs you never use ... but I normally don't go below the minimum install.

Just make sure you have the latest updates....