Gravis Wrote:
-------------------------------------------------------
> Registered Voter Wrote:
> --------------------------------------------------
> > So for instance - we shouldn't be concerned then with sites like these that discuss hacking linux?
> >
> > http://www.darknet.org.uk/category/linux-hacking/
>
> no, you shouldn't. that site isn't about hacking linux, it's about how to prevent linux from getting hacked. read closer and you will see there are a lot of security audit tools there so that you can secure your box.
>
But hold on. Is the argument that linux cannot be hacked, or is the argument that linux has better tools to manage against being hacked?
It appears that you are claiming that you can't hack into linux. I know from both sides of the equation that it is possible to "hack" into linux. Slackware, Debian, RH, Ubuntu, I've managed them all on an enterprise level, and I've seen all of them hacked into during my consulting years. We were able to take simple tools found online, and were able to compromise most of the systems, even after we applied many security measures and patches, both well published as well as obscure measures passed around among sysadmins and other linux professionals in the DC/Balt area.
>
> > I mean, if you couldn't do it - then why have sites like this? As far as your average joe - all I can say is if you have cable internet and you hook up your linux box directly to the cable modem, you better have your firewall running.
>
> well... i'll be sure to tell that to the first person i see that doesn't use a router. honestly, who doesn't use a router?!
I've run linux boxes in all kinds of environments. I've run them directly connected to a frame-relay, an ISDN, an ethernet port right off the main hub at CAIS, behind NAT, BigIP, VPNs, and some really crazy proprietary BGP/Bastion setups. I've used IP packet filtering gateways, blacklists, black holes, and all kinds of expensive packet filtering and intrusion detection filters, and my linux boxes have always been probed, fingered, tested, and always show thousands of attempts an hour.
I just never had the audacity or arrogance to ever claim to any of my clients that any of their machines were completely hack proof.
The only thing i've ever sold my customers is the knowledge that a hacker or virus would not cause them significant downtime. I actually promise my corporate clients that they will get hacked or infected by a virus, because it happens to everyone. I just promise them that we can prevent most, resolve all the ones that get through, and prevent anything more than about a 30 minute downtime in the absolute worst case scenario.
Linux boxes can be hacked. Every daemon, every configuration setting in apache (even though it's the safest httpd daemon available), every port you leave open for MySQL, SCP, RCP or SSH can be a potential hole that some hacker can exploit.
DO YOU KNOW IF YOUR SCP or SSH was exploited? Can you tell me that it HAS NOT BEEN EXPLOITED?
The only way to make a 100% hack-proof computer is to install your own self-made OS, with your own drivers for video, memory and storage access, and to never connect it to the internet. Other than that, you're an ass if you even attempt to claim you have a hack-proof operating system or computing environment.
In fact, often just making that claim will produce the 5 kids that know how to turn your carefully planned and implemented system inside-out.
>
> > I can almost guarantee that some kid is in your neighborhood running port scans on the available machines in his hub, seeing if he can crack into them. Linux or Windows.
>
> yeah, that's a good way for you to get the attention of your ISP.
>
Well, that's just a silly threat by someone who gets his technical knowledge by watching the nightly news. Not you, Gravis, I think that was Registered Voter's idea.
Some kid in my neighborhood, even if he knows how to set his NIC to promiscuous mode, is only going to be able to packet sniff inside his own network, on the private side of his cable modem. It takes a really sophisticated person with knowledge of the cable modem architecture, and an ability to get beyond the security of the cable modem, in order to packet sniff the "local segment" of that neighborhood's cable head-end. I mean, it doesn't even resemble an ethernet topology anymore; you can't packet sniff your neighborhood because even cox is using fiber from each segment, and they've so entirely locked down each tree/hub/head that they can immediately shut off a non-paying customer or restrict packets for folks playing WOW or using torrents (Thank you for shooting down net-neutrality, Supreme Court).
>
> > Hell, I have fios, and I put a box in my DMZ with a firewall, and only opened a few ports - one of which was VNC - and when I came back my computer was hung and the logs showed that someone was attempting to hack the VNC port when whatever they did locked the machine up.
>
> you should use VNC through an SSH tunnel.
>
He should have closed ports and shut down services that were unnecessary. Beginner Linux admins always leave lpr running. None of them have a printer attached to their rack-mounted server, yet every once in a while, someone gets in through the listening lpr port, and does a simple buffer overflow and gains root access. Or whatever it is they do. They get into some of the most secure linux machines, and 70% of the time, the admin of that system doesn't even know the system was compromised. If the vandals are smart, he'll never know. If they do something stupid, the admin finds out that he was compromised.
I helped a guy about 2 years ago who had a system he'd been maintaining for about 2 years. It got hacked, but he couldn't find any foreign or unknown IP addresses, and had no idea how it got hacked. It turned out to be an intrusion that actually occurred 3 years before, and remained undetected. TWO different system administrators, as well as one security audit failed to detect the intrusion.
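The point about unnecessary listeners like lpr is one a sysadmin can check mechanically. The following shell snippet is an added example, not code from this thread or from any project discussed in it: it takes `ss -ltn`-style socket listings on stdin, ignores loopback-only binds, and prints every port that is reachable from the network but not on an assumed allow-list. The sample listing, the allow-list, and the `unexpected_listeners` function name are all constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltn` output (header suppressed with -H).
# Fields: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 50 0.0.0.0:515 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*'

# Ports this host is meant to expose to the network (assumed policy).
ALLOWED_PORTS="22 80"

# unexpected_listeners: read ss-style lines on stdin and print "port address"
# for each socket bound to a non-loopback address whose port is not in $1.
unexpected_listeners() {
    allowed=" $1 "
    while read -r state recvq sendq laddr peer; do
        [ -n "$laddr" ] || continue
        addr=${laddr%:*}        # everything before the last ':'
        port=${laddr##*:}       # everything after the last ':'
        case "$addr" in
            127.*|'[::1]'|'::1') continue ;;   # loopback only: not reachable remotely
        esac
        case "$allowed" in
            *" $port "*) ;;                    # on the allow-list, fine
            *) printf '%s %s\n' "$port" "$addr" ;;
        esac
    done
}

# Run against the constructed sample; on a live host pipe in `ss -Hltn` instead.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "$ALLOWED_PORTS"
```

On the sample above this reports 515 (the lpr/lpd port) and 5900 (VNC) as network-reachable listeners outside the policy, while the MySQL socket on 127.0.0.1 is ignored because it is loopback-only. The same loop works on `ss -Hltu` output if UDP listeners should be audited as well.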
>
> > In the past I had a linux box hooked up and it was constantly being probed with folks attempting to attach and attack ftp and other ports. I had them either turned off, or blocked - but it was amazing to see the number of attempts being made.
>
> and how many succeeded? seriously, if that was a windows box, you would have been pwn3d.
I've seen public boxes get higher levels of bogus traffic in relation to legitimate traffic.
At one site, they had 26 boxes. RH and debian. They were serving up 20,000 page views a day, so there were something like 5 or 6 million TCP connections per day. 10% were "probe" connections, or otherwise questionable port requests. At least that's what their intrusion detection hardware was reporting, after the packets got through all of the Intrusion Detection and Firewall filters, and past their intelligent load balancers and virus filters. Any device connected to the internet is getting "hacked", or at least attempted hacks, all the time, all day, every day. To imagine that your linux box isn't subject to the same forces just because it's not made by microsoft, well that's delusional.
I have a NAS that I put outside my firewall, as a kind of "bastion". I love ssh'ing into it and watching all kinds of network connections attempt to gain access to it.
But I have no self-delusional notions that my NAS will never be broken into. Hell, I really don't know for sure if it hasn't already been broken into. It might have been. It is linux based, but this is what I get when I type uname -a ............... "Linux NAS001 2.6.24.4 #1 Tue Feb 10 11:00:22 GMT 2009 armv5tejl unknown"
It is linux. Has it been hacked? I really can't say.
But I'm cool, I've never been hacked, cuz I noz my shit. yeah, beleeveses me. I'se cool nerd. I never gots hacked.
yeah, right. Try to sell that one to the nurses. That's like trying to eat the skin of the cat. It's like being the elephant that wants more water. If I could lead donkeys to Whip Cream I'd make a fortune. That's like trying to convince an ape that he needs to shave. I can't remember how many dogs you need to skin before you make the rabbits bark.