On Saturday 21 August 2004 01:21 pm, Vincent Voois wrote:

> Of course, this assumes there is no firewall between the net and Linux that
> wouldn't catch the packet coming in.
> This I explained in the end.

No, I understand the technique of spoofing, my point was that sending out the packets to a target in the blind, requires fairly good knowledge of the target and especially knowledge of any particular packet filtering that might be done by the target. If there is a decent firewall, and those come stock with Linux, it won't accept packets purporting to originate from localhost when those packets come in from the external net connection. So spoofing is immaterial if the packets you send just get dropped.

And, since this is a Mandrake Linux mailing list, you should be aware that a Firewall wizard is built-in that is fairly complete and very good for setting up a standard default firewall. So again, I would say that setting up Linux correctly with a firewall would be at least as easy as mucking it up.

> Not necessarily damage, but opening backdoors for ways of intrusion may be
> sufficient. Specially if you want to hack a company server to retrieve
> data.

You really should qualify. On the one hand, you mention hitting company servers to retrieve data, on the other, you make assumptions about no firewalls, no monitoring, no security. If you are aware of any company that is running Linux for these types of systems and leaving them that wide open, you must be working with a lower class of enterprise than am I. Companies can afford to hire people to do things right and usually must do so. Individuals are more likely to have open phpmyadmin setups, however, they are also much less likely to have any valuable data.

> Like simple security exploits of MySql databases (and using a
> non-secured PHPMyAdmin environment :P, just browse google for a "welcome to
> phpMyAdmin" term and find out if there are unsecured servers, you don't
> even need to spoof IP in some cases)

Well, I can also google the entire net for web servers and try to find unsecured web servers as well. Suggesting this type of activity is pretty much pointless.

First of all, if the unsecured server is indexed by Google, I really doubt that you will be the first one to find it. So, assuming that there is anything other than a smoking crater left, we might guess that the server is not trivially insecure, again, assuming that it is actively being indexed by Google and has had however many hundreds of visitors. Personally, I would have been much more likely to suggest doing a port scan for MySQL databases to try to find unsecured servers, but I suppose that Google is the hacker's most understated friend in that regard. I must be out of the loop.

>> In the case of a worm, the whole point is to infect and propagate. So, you
>> have to make another leap and assume that whatever you can cause to happen
>> is complex enough to turn off all additional protections, notifications to
>> sysadmin, and continue to spread to other boxen.
> On Linux this is harder to accomplish.

I would probably file that one into the "understatement" column.

> I'm a moron, I had no troubles installing Linux on an average PC working
> without needing to do much handwork.

Well, I rather doubt that your company would appreciate your advertising the skill levels of their field service engineers in those glowing terms but I don't have any first hand knowledge to contradict. However, if you have Linux up and running on an average PC without much handwork, I will say this. I have known morons, I currently know morons, and you sir, are no moron. If you would like, I could introduce you to some of the others that I know that tried to install Linux and gave up, and you might gain a whole new respect for yourself.

> Leaving it that way unattended and
> unconfigured (besides defaults) maybe isn't a problem for now, but when
> leaks become known in a later period and I the same moron don't pay
> attention to update security, my box becomes more vulnerable for certain
> attacks.
> They don't necessarily have to cause very much damage (as I said
> earlier)

I would be the first to admit that with all the Windows boxen that are available to all and sundry and oh, so easy to compromise, there is some level of security provided to Linux machines. Again, however, I would also venture a guess that the majority of Linux boxen, set up purely by default and with default services running, are still more secure and would be harder to compromise and even if compromised, would be much harder to spread to others.

> Ah, the old "security through obscurity" canard. Yes, by all means, using
> tried and true methods that have been tested by literally thousands of
> others and are in active use and actively being tested by the black hats in
> the wild is so obviously a worse means of protecting your server than
> blazing your own trail only to discover your mistakes after you are
> compromised. Are you sure you're a newbie? I mean, you sound a lot like a
> technology analyst. Like Rob Enderle, for instance.
>
> HAhahahahaha, I like your reply, I did not intend to bring it as black and
> white as you picked it up but the main idea is that any os is vulnerable to
> something. And if it's not known today, it will be discovered later and
> let's just hope it is being discovered by the developers and not by users
> that intend harm with it.

Well, in a nutshell, that is pretty much one of the major reasons that some of us who are actually in the software development field regard open source as superior. The chances that some black hat will discover a vulnerability before white hat developers is much reduced when the source is available to all.

That being the case, I will concede that there is no such animal as totally secure software. We all live with varying degrees of risk that exist for a lot of other things in our daily life. Why would we have any different expectation of software?

However, if I were to compare a runaway skateboard travelling at 80 mph to a Volvo traveling at the same speed, in terms of safety, I doubt that I would arrive at a conclusion that they are the same because they both involve some risk. I would not classify such a statement to really be painting an accurate portrait of reality.

> For AFAIK, it always has been plain simple to
> hack a windows platform using *NIX techniques and this is what I often do
> on occasion when SID tables of NT servers got that corrupted that local
> admin isn't able to log anymore with the local password. (The well known
> Linux bootflop and its extra flop with SCSI drivers) And it still works,
> whether it's NT 4.0, 2000, XP and even local admin password hacking util
> works on Windows Server 2003. Either Microsoft has this tool as part of
> their disaster recovery kit, or they have their eyes wide shut. I'm a field
> service engineer in real life, but I do not run into Linux configurations
> on a daily or even weekly basis, but when I see how Linux is utilised
> within our company, it's only for hacking Microsoft business :P

Well, in my own experience, you don't even need techniques relating to Linux, there are thousands of black hat MS tools out there that will happily perform that function for you.

> Maybe the majority quirk script kiddies are not really older than 14 and
> don't really have any desire to do too much trouble bringing down some
> website-server using the ordinary DoS-attack tools through IRC.

Well, that is one way of looking at it. Another way would be that maybe the majority of quirk script-kiddies are incapable of bringing down a website server through anything other than ordinary DoS attack tools or pre-built scripts. And that these same script-kiddies wouldn't know their backside from a hole in the ground when it comes to Linux.

> Besides,
> with DoS you can also take out Linux and various routers and switches if
> you do it properly enough.
> It's not vulnerable to the box itself, but
> irritating to everyone depending on the pipeline they require for usage. So
> also on the internet you have various levels of rascals, but it was not my
> purpose to put it THAT black and white as you reply to it.

DoS attacks are much easier to deal with and get rid of than a compromised box. Since the point of compromising a zombie pc with DSL is to gain a machine that can be used for DoS attacks, as well as spam, how much better would thousands of google machines be for the same purpose. All with fat pipes. Netsky and other worms/viruses were built for explicit purposes and those purposes could be served equally well with Linux machines as with Windows, in some cases, even better with Linux machines because the pipes are going to be fatter.

For your average hacker, web site defacement is done for fame in his community. What better way to gain fame than be the guy that took down Google, not by DoS attack that takes them down for 30 minutes, but by massive compromise on boxen that leaves them trying to clean up for years.

> I wanted to point out that
> Linux has other security flaws than Windows and that no OS is specifically
> safer than the other.

And, just in case you missed the point, I was expressing my disagreement with your point. Linux, by design, in implementation, with existing security flaws, is specifically safer than Windows. Also, blanket statements like no OS is specifically safer than the other are demonstrably false. Even MS doesn't advertise its products by saying that no OS is specifically safer than the other and IMO, that would be a step up for them.

> And as a possibility for the idea one is being less
> attacked it might be the idea that you can cause more problems attacking
> the majority using a certain platform than trying to bring down the whole
> backbone which serves this whole majority of certain platform users.

If we saw even a smattering of Linux capable viruses along with the many and sundry Windows ones, I might buy the whole marketshare argument. Since we don't, I think it is a load of FUD. And given that the Enderles of the world are the ones so quick to make that point and offer up absolutely no evidence to support it, I choose to take it with a barrel of salt.

> Neither systems are really safe, but they get safer each update. But every
> new feature also introduces new (maybe security) bugs. It's part of the
> development cycle that is hardly unavoidable.

Well, since the term "safe" is somewhat relative, I will just have to let that one go. In comparison terms, Linux is incredibly safer than Windows. For any number of reasons but some of which go all the way back to architecture level design decisions that were made by MS. Those types of things are not easy to fix and certainly can't be corrected in a simple update.

But the old line about Linux being just as bad as Windows and we just don't know it because Linux isn't an active or worthy target is simply MS FUD. Plain and simple. If you bought into the FUD, you really should try to educate yourself but I wouldn't expect to post that type of drivel to this list without being challenged.

--
Bryan Phinney
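
The filtering behaviour described in this message (a packet claiming a localhost source that arrives on the external interface gets dropped), as an added example that is not part of the original e-mail: a Python check over firewall log lines that flags such spoofed sources, and goes slightly further by also flagging packets that claim the host's own address. The log lines are constructed samples in the netfilter LOG key=value layout; the interface names and documentation-range addresses are assumptions.

```python
import ipaddress
import re

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
FIELD = re.compile(r"\b(IN|SRC|DST)=(\S*)")

# Constructed sample lines (not from the original thread).
SAMPLE_LOG = """\
kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 PROTO=TCP SPT=40112 DPT=3306
kernel: IN=eth0 OUT= SRC=127.0.0.1 DST=192.0.2.10 PROTO=TCP SPT=1024 DPT=3306
kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=80
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=53
kernel: IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.10 PROTO=TCP
"""


def classify(line, local_addrs):
    """Return 'accept', 'spoofed-loopback', 'spoofed-local' or 'malformed'."""
    fields = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(fields["SRC"])
        iface = fields["IN"]
    except (KeyError, ValueError):
        return "malformed"  # unparseable entries are reported, not guessed at
    if iface in ("lo", ""):
        # Loopback traffic, or a locally generated packet with no ingress
        # interface: these sources are legitimate here.
        return "accept"
    if src in LOOPBACK:
        return "spoofed-loopback"  # 127/8 can never arrive from the wire
    if src in local_addrs:
        return "spoofed-local"  # our own address arriving from outside
    return "accept"


def spoofed(log_text, local_addrs):
    """List (verdict, line) for every log line with a spoofed source."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line, local)
        if verdict.startswith("spoofed"):
            hits.append((verdict, line))
    return hits


if __name__ == "__main__":
    for verdict, line in spoofed(SAMPLE_LOG, ["192.0.2.10"]):
        print(verdict, "|", line)
```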