Thanks from: Test with Chkrootkit
jludwig
wralphie at comcast.net
Mon Jul 26 14:22:50 UTC 2004
On Mon, 2004-07-26 at 08:44, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 23:21, Norman Nunn wrote:
> > Scot, thanks to you and others on this.
> >
> > I now think my system is actually clean. The activity on this mail list
> > on security issues in general has been a good learning experience and,
> > as a result, I have added logsentry and portsentry to my system for
> > protection and notifications. I took the suggestion and set up the
> > aliases to send root's messages to me.
> >
snip
> > Thanks again
> > Norm
>
> iptables is still a good idea. If by some chance a way through the
> Linksys is found, iptables can act as a second line of defense. It also
> gives you a single place to specify what ports are open on the system to
> the network. Particularly important if you have other systems on the
> local LAN which could potentially be used as an attack vector. In other
> words, don't blindly trust everything on your LAN segment.
>
> Of course as has been pointed out if you are cutting any ports through
> your firewall your only protection at that point is good
> passwords/authentication and patching any known exploits through that
> service as quickly as possible. The IDS stuff you are doing should let
> you know if something odd is going on, hopefully before a hole is found.
>
> You may have already implemented it but another IDS type package that
> can be very useful is tripwire. Once it is set up, changes to any files
> being monitored by tripwire will be reported to you.
>
> A little paranoia is good, a lot can be even better! :)
> --
> Scot L. Harris
> webid at cfl.rr.com
>
> Never play pool with anyone named "Fats".
I agree with Scot. I would also note that multiple firewalls on multiple
platforms with IDS can make it very hard for a cracker to get into a
system undetected.
--
jludwig <wralphie at comcast.net>