I just resolved a problem for a customer here that will go unnamed. The 
customer had a PDC, an HTTP server and two FTP servers as well as an AIX 
box and the workstations connected to an ISDN link (128K) with legal 
addresses. The sysadmin kept having to add disks to the server but never 
had the time to check where the space was going. I'm sure all of you can 
guess. I put a firewall in the way and changed all internal addresses to 
private (172.16-32) and had them change the passwords on the inside. The 
firewall log went ballistic, and I was getting 300 - 500 attempts a day 
from 95% German hackers (I assume Warez) as well as some U.S. Military and 
corporate servers (which were compromised of course). The customer now 
finds that there is lots of space on the server and WOW is 128K FAST!

         I explained to the customer that they were legally responsible 
for the pornography and pirated software that was distributed by their 
server. They were amazed that all that was going on without their 
knowledge, and I explained that it was to the advantage of the hackers and 
Warez operators that they keep the infected servers running as well as 
possible.

         I, of course, now have many script kiddies mad at me but hey, 
what's life if we can't have a little fun!

Explain that to your customer

Gary B


At 10:17 AM 1/27/00 -0800, Shawn Savadkohi wrote:
>Forgive me for the blunt subject heading, but unfortunately this is a 
>reality I'm facing in my organization.
>
>I'm a network administrator new to firewalls and the list.  Like so many 
>other organizations, we have a router linking us to the Internet which 
>until recently went unfiltered.  I've successfully deployed a couple 
>firewall devices to change this, but my advances in securing our private 
>network haven't been met with cheers ("Hey, why can't I get my RealAudio 
>streams anymore!").  In particular, there is one department head who holds 
>the sentiment I shared in the SUBJECT line.  This person insists on 
>keeping their segment firewall-free, with public IP addresses on 
>workstations and servers alike.
>
>Having been unsuccessful on my own, I'm seeking advice on how I can 
>persuade this dept head their machines are at risk.  Remember I'm dealing 
>with a non-technical member of management who would gloss over at 
>responses describing DoS, Land attacks, SYN flooding, Bonk/Boink, port 
>scans, etc.
>Real-life episodes of successful hacking I imagine will work well.  And 
>accept my "Thanks, but no thanks" in advance if you'd like to offer a 
>demonstration!
>
>At the risk of exposing too much, let me briefly describe what services 
>are unprotected: two (2) HTTP servers, one (1) SQL database server, and an 
>NT box that's the PDC for that segment.
>
>Thanks for your responses.
>
>-Shawn
>
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
