main

main@lists.alug.org.uk

10364 discussions

Re: [Alug] Virus on Linux?
by Earl Brannigan 25 Jun '01

25 Jun '01

Hi all, tell its Friday, Earl get's a little time out to post. > Message: 16 > To: xsprite(a)bigfoot.com > Cc: alug(a)stu.uea.ac.uk > Subject: Re: [Alug] Virus on Linux? > From: MJ Ray <markj(a)cloaked.freeserve.co.uk> > Organization: Cat-killingly bad > Date: 22 Jun 2001 12:49:23 +0100 > > xsprite(a)bigfoot.com writes: > > > If you have a high amount of bandwidth, or your isp provides a > > service such as cable, you are likely to get scanned (I do atleast > > once every two days or so) whether the scan is for open netbios > > shares or the latest s'kiddie 0day. > > My home dial-up machine gets scanned pretty much every evening for > samba shares. I intend to develop a small samba share of poisoned > files padded out with 0s (so they compress well and go up the modem > fast). > The most likely culprit here is sharesniffer. (www.sharesniffer.com) It's looking for Windoze (but will of course find any SMB public shares) I have a load of virus algorithms in zip form I could let you have if you wish to set up a SMB 'honeypot' - sorry about the misappropriation. I was actually thinking of doing something like this, put a load of XL/Word files on a drive which are actually just these things. Some are disk crunchers, others boot sector infectors (TSR as well), others just lock your cpu into infinite loops etc. The 'nice' approach would be to just call them MyVeryImportantCreditCardsDetails.doc or something, and the lame script kiddie who has just scanned your machine for things will download it and probably try to open it in Word straight away, excited at the perceived goodies. ..... one would hope that such a donkey is not running a good virus checker. Many are in Assembler for easy inclusion into any proggie..... Been looking for an excuse to use them (only have them for research purposes .... honest..!) Cheers Earl > Yes, don't let anything listen to the external interface unless > absolutely necessary. netstat -a will show what's listening. inetd > always seems to want to listen to everything, but you can use "ALL: > ALL EXCEPT 127." in hosts.deny (man hosts_access) to pin that down to > only the local machine (change to taste) for most services it starts. > Commenting out some lines in /etc/X11/*/Xaccess is also good, as in > running X with -nolisten tcp if you don't use that. > > And use ipchains/iptables just to be sure. > Good Advice .... > -- > MJR > Sorry, I was to have been at the last meet to do a little security demo but couldn't make it at the last minute. This is still a plan if it is still required. Sorry I've forgotten but I know there are a few others who are into this sort of thing (to the point of test-hacking their own machines, playing with nmap/nessus and others. It would be a good idea to collaborate for this, and do a proper job of it as a team... Mail me off list guys and let's start planning, we could have a nice little demo together for the next meet. Cheers Earl Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Albert Einstein)

1 0

RE: Microsoft is right Re: [Alug] Microsoft FUD
by Laurie Brown 22 Jun '01

22 Jun '01

22/06/01 15:02:43, "Mark Wilkinson" <mark(a)wiggis.com> wrote: >I find that the occasional reboot on NT helps to keep things a bit more >stable. About once a week does it for me... My old faithful 486 DX-4/120 with 64meg of crappy old memory and a slow HDD, which runs our firewall has an uptime of: laurie@firewall:~ > uptime 3:27pm up 315 days, 20:30, 1 user, load average: 0.00, 0.00, 0.00 I'd like to see *any* windows box do that, even if all it does is route and filter traffic between three NICs... Cheers, Laurie. --- --------------------------------------------------------------------- Laurie Brown laurie(a)brownowl.com PGP key at http://pgpkeys.mit.edu:11371 ---------------------------------------------------------------------

4 7

Re: Microsoft is right Re: [Alug] Microsoft FUD
by Laurie Brown 22 Jun '01

22 Jun '01

22/06/01 15:47:39, Neill Newman <neill(a)entora.co.uk> wrote: >Laurie Brown wrote: >> >> >> My old faithful 486 DX-4/120 with 64meg of crappy old memory and a slow HDD, which runs >> our firewall has an uptime of: >> >> laurie@firewall:~ > uptime >> 3:27pm up 315 days, 20:30, 1 user, load average: 0.00, 0.00, 0.00 > >cool, don't get caught out by the 497.1 day uptime bug as I did a few >weeks ago.. I thought I had been hacked, turns out the uptime couter >wraps ;).. I remember that one, and saved the mail for future reference! In fact, it'll have to come down soon, to be replaced with a P200 running 2.4.x and iptables. Shame, cos it'd be nice to see it hit a year. In fact, the last power down was the result of a server-room refit, and I've forgotten how long it was up before that. It has never fallen over, and for sure has run for more than a year with no problem of its own making. Let's just say it's been reliable! Here's the ifconfig on the internet-facing NIC (3C-509): laurie@firewall:/home/laurie > ifconfig -i eth0 eth0 Link encap:Ethernet HWaddr 00:C0:F0:4D:2F:E4 inet addr:213.155.158.242 Bcast:213.155.158.243 Mask:255.255.255.252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:28597916 errors:2 dropped:0 overruns:0 frame:2 TX packets:28085146 errors:0 dropped:0 overruns:0 carrier:0 collisions:35357 txqueuelen:100 Interrupt:10 Base address:0x6000 It's fairly active for an old girl! Cheers, Laurie. --- --------------------------------------------------------------------- Laurie Brown laurie(a)brownowl.com PGP key at http://pgpkeys.mit.edu:11371 ---------------------------------------------------------------------

1 0

Re: [Alug] Virus on Linux?
by MJ Ray 22 Jun '01

22 Jun '01

xsprite(a)bigfoot.com writes: > If you have a high amount of bandwidth, or your isp provides a > service such as cable, you are likely to get scanned (I do atleast > once every two days or so) whether the scan is for open netbios > shares or the latest s'kiddie 0day. My home dial-up machine gets scanned pretty much every evening for samba shares. I intend to develop a small samba share of poisoned files padded out with 0s (so they compress well and go up the modem fast). Yes, don't let anything listen to the external interface unless absolutely necessary. netstat -a will show what's listening. inetd always seems to want to listen to everything, but you can use "ALL: ALL EXCEPT 127." in hosts.deny (man hosts_access) to pin that down to only the local machine (change to taste) for most services it starts. Commenting out some lines in /etc/X11/*/Xaccess is also good, as in running X with -nolisten tcp if you don't use that. And use ipchains/iptables just to be sure. -- MJR

3 2

Disappearing messages
by Adam Bower 22 Jun '01

22 Jun '01

David mentioned earlier that he saw a reply to a message he sent before the message turned up and the same has happended to me several times now today. Is this affecting anyone else? Adam -- This message is Copyleft - all rights reversed Adam

1 0

Re: Microsoft is right Re: [Alug] Microsoft FUD
by MJ Ray 22 Jun '01

22 Jun '01

David Freeman <david_freeman(a)rocketmail.com> writes: > 2)And how much does it cost to employ a MSCE certified tech to run the > NT servers which need more care than a *nix box? Amen. Sadly it seems to mean the nux admins are losing permanent jobs again, though. Maybe that's just what I'm seeing, or maybe we're about to have a resurgence where they *stop* employing busloads of NT/2k admins to patch that service together and employ nux admins to roll out a stable service. > 4)Lack of availble software, on this one they are right, there is > limited stuff for an epos system to use. But for office/desktop and > server applications there are loads of pkgs avaible for free! I thought EPoS had a few options (some commercial) on Linux now, including those used by some large chains. The details elude me, as it's not something I have much of an interest in just now, so I don't pay much attention to it. > 8)Increased labour costs? now this one could be fair, but I don't see > it as much of a problem, but spending money on lots of licenses for > each user will cost more! Wait until they get sued for the mental anguish of 2k/NT admins ;-) > 9)LIMITED DEVELOPER TOOLS! what bollocks, I have on my machine some of > the best tools on the planet with much nicer Ui and better EOU, GCC > with Vi and GDB is everything I need and more with out spending a > penny. Atleast I don't need to spend out on a new compiler every so > often! I've been doing some UI work again (cue flame from Brett) and I'm quite happy with the results so far, if I do say so myself. Anyone else out there tried ROX, http://rox.sourceforge.net/, yet? At last someone's taking the good ideas from RISCOS. > As for the subject, Microsoft are right on a couple of small points, > but it all comes down to how you massage the facts. Anything is > provable given enough imagination. Nothing is provable except logic. Everything else just gathers empirical evidence until it is disproved. -- MJR

4 4

Re: [Alug] Virus on Linux?
by brodders＠cwcom.net 22 Jun '01

22 Jun '01

This is useful: http://www.linuxgazette.com/issue65/lg_toc65.html "A Private Home Network" By Jan Stumpel Here, Jan goes though the steps needed to isolate a linbox from the outside world & still be able to use internet. Some other good articles in that issue too. Steve >on Fri, Jun 22, 2001 at 09:18:51AM +0100, Vanisa Surapipith scribbled: >> >> Can virus attact a linux system? People with MSWindows are constantly >> affected and need to update their Norton or McAfee virus scanner. Is there >> a similar thing in linux world? >> > >Yes. <http://www.big.net.au/~silvio/> >However initial infection can be harder because of the multiuser nature of >gnu/linux (and peer review). Worms are far more common. ><http://www.zdnet.com/zdnn/stories/news/0,4586,5080656,00.html> ><http://www.computeruser.com/news/01/01/23/news13.html> > >If you have a high amount of bandwidth, or your isp provides a service such as >cable, you are likely to get scanned (I do atleast once every two days or so) >whether the scan is for open netbios shares or the latest s'kiddie 0day. > >If you do minimal as root, then you significantly reduce the affect of any >infection. Avoiding inherently buggy programs is another useful thing (eg, >wuftpd, pine, bind, vixie's cron, uw imap, qpopper, sendmail). Running minimal >services exposed to the outside world is a must. > >There are scanners, but an ids might be more useful if you're especially paranoid >about such things (snort! rocks. <http://www.snort.org/>) although there is a >tendancy for turning up false positives. > > > >_______________________________________________ >alug, the Anglian Linux User Group list >Send list replies to alug(a)stu.uea.ac.uk >http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug >See the website for instructions on digest or unsub! >

1 0

Insurance Co. charges more if a company uses NT than Open Source
by George Waring 22 Jun '01

22 Jun '01

See: http://www.zdnet.com/intweek/stories/news/0,4164,2766275,00.html Offered in counter-point to the M$ claim that was made in "That Word Document." The greater security that M$ claims with their OS is not making much of an impression in the insurance industry. Insurance against the damages caused by hacking bears a 5 to 15% higher premium for Windows NT. George.

1 0

Virus on Linux?
by Vanisa Surapipith 22 Jun '01

22 Jun '01

Hello, I just join ALUG and have a newly installed Red Hat 7.1 on my PC. I hope to explore it fully but there comes a concern on virus. Can virus attact a linux system? People with MSWindows are constantly affected and need to update their Norton or McAfee virus scanner. Is there a similar thing in linux world? Cheers, Vanisa. &------------------------------------------------------------------------& Ms Vanisa Surapipith (Research Postgraduate) School of Environmental Sciences University of East Anglia, Norwich, Norfolk /_____T NR4 7TJ, United Kingdom. (x)\/(x) ~~~~~~~~

3 2

Re: [Alug] Virus on Linux?
by MJ Ray 22 Jun '01

22 Jun '01

Vanisa Surapipith <V.Surapipith(a)uea.ac.uk> writes: > Can virus attact a linux system? People with MSWindows are constantly > affected and need to update their Norton or McAfee virus scanner. Is there > a similar thing in linux world? Viruses could exist on Linux, but they would have trouble infecting other users on the same system, assuming most of your programs are installed as root and you log in as another user. That's why people say you should be very cautious about doing anything other than the bare minimum as root. Worms and intrusions are more common. That's why everyone says to keep up to date with patches and security updates. As your machine was professionally installed, I assume they installed all known security updates? With RedHat, I don't know if there's an automated tool with it, but you can keep safe by reading either the "Security" page of LWN, http://lwn.net/ (out every Thursday), or the regular Security newsletter (out most Saturdays) from http://www.linuxsecurity.com/ -- MJR

3 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

main