Thanks from: Test with Chkrootkit

jludwig wralphie at comcast.net
Mon Jul 26 14:22:50 UTC 2004


On Mon, 2004-07-26 at 08:44, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 23:21, Norman Nunn wrote:
> > Scot, thanks to you and others on this.  
> > 
> > I now think my system is actually clean.  The activity on this mail list
> > on security issues in general has been a good learning experience and,
> > as a result, I have added logsentry and portsentry to my system for
> > protection and notifications.  I took the suggestion and set up the
> > aliases to send root's messages to me.  
> > 
snip
> > Thanks again
> > Norm  
> 
> iptables is still a good idea.  If by some chance a way through the
> linksys is found iptables can act as a second line defense.  It also
> gives you a single place to specify what ports are open on the system to
> the network.  Particularly important if you have other systems on the
> local LAN which could potentially be used as an attack vector.  In other
> words, don't blindly trust everything on your LAN segment.
> 
> Of course as has been pointed out if you are cutting any ports through
> your firewall your only protection at that point is good
> passwords/authentication and patching any known exploits through that
> service as quickly as possible.  The IDS stuff you are doing should let
> you know if something odd is going on, hopefully before a hole is found.
> 
> You may have already implemented it but another IDS type package that
> can be very useful is tripwire.  Once it is set up, changes to any files
> being monitored by tripwire will be reported to you.  
> 
> A little paranoia is good, a lot can be even better! :)
> -- 
> Scot L. Harris
> webid at cfl.rr.com
> 
> Never play pool with anyone named "Fats". 
I agree with Scot. I would also note that multiple firewalls on multiple
platforms with IDS can make it very hard for a cracker to get into a
system undetected.
-- 
jludwig <wralphie at comcast.net>




