[luau] RH 9 server hacked -- what went wrong?
Keith
krjw at optonline.net
Tue Aug 26 13:00:00 PDT 2003
* Yuser <yuser at hi.net> [26/08/2003 1717EDT]:
> On Fri, 22 Aug 2003, Keith wrote:
>
> > Firewalls are your friend. These days they are so cheap, even for home
> > use, that there is no reason not to have one. It is in your best
> > interest to have one, set up an inbound default policy of DENY for at
> > least all privileged ports and only open up those that you absolutely
> > need. Then, if you get hacked, it would be easier to determine the
> > vulnerable service.
> >
>
> Good advice but do you know of any of the cheaper home units (SMC,
> Netgear, Siemens, Dlink, Linksys etc..) that can actually be configured
> with default DENY?
Hrmm. Actually I do not know of any of these cheaper home units that'd
do what you want. I personally use a dedicated linux box for this sort
of thing. :) It is about as versatile as you can get with a firewall.
If you cannot do it with ip{chains,tables} you probably cannot do it.

You can build yourself a nice linux firewall with nothing more than a
floppy and/or CD and an i{3,4}86 with no hdd and 64MB RAM, complete with
detailed logging and reporting capabilities. OK you probably won't have
a nice web interface for configuration but such things are mostly
cosmetic anyway.

HOSEF should have a workshop about linux firewalls if one hasn't been
done already. :)

Maybe you'd consider buying a brick? Check out
http://www.openbrick.org/ but note that the page might be closed at the
moment because they are protesting software patents (like the vim
people and many others).

Here is a pic of the brick:
http://www.linuxdevices.com/files/misc/openbrick.jpg

Note these things are pricy; if you really need a cheap solution then a
brick is not the answer for you.

Alternatively, considering that Cisco acquired Linksys not too long ago,
you should see a few decent home-use firewalls coming out from them,
hopefully minus the buggy history of IOS...

Regards,
krjw.
--
Keith R. John Warno [k r j w at optonline dot net]
"It's your money. You paid for it."
-- George "Dubuhyuh" Bush, LaCrosse, Wis., Oct. 18, 2000
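
The inbound default-DENY policy discussed in this message, as an added example that is not part of the original post: a shell function that emits an iptables-restore ruleset which drops everything inbound except the TCP ports you name, and logs what it drops. The function name gen_ruleset, the log prefix and the sample ports are assumptions, and the host is assumed not to route traffic for other machines.

```shell
#!/bin/sh
# Added example: build a default-DENY inbound ruleset in iptables-restore format.
# gen_ruleset is a hypothetical helper name; the ports passed to it are up to you.
# Typical use (as root), opening only SSH and HTTP:
#   gen_ruleset 22 80 | iptables-restore

gen_ruleset() {
    # Validate every port before printing anything, so a typo can never
    # produce a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Default policies: nothing comes in unless a rule below allows it.
    echo ':INPUT DROP [0:0]'
    # Assumption: this host is not a gateway. A routing firewall needs its
    # own FORWARD rules instead of a blanket DROP.
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local traffic and replies to connections this host opened.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # The only services reachable from outside.
    for port in "$@"; do
        echo "-A INPUT -p tcp -m state --state NEW --dport $port -j ACCEPT"
    done
    # Rate-limited log of packets that fall through to the DROP policy,
    # so probes against closed services show up in the kernel log.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    echo 'COMMIT'
}
```

With only the listed ports reachable, a compromise narrows to the services behind those ports, and the INPUT-DROP log lines show what else was being probed.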