Re: Cracking attempt

To: Russell Coker <russell@coker.com.au>
Cc: debian-isp@lists.debian.org
Subject: Re: Cracking attempt
From: Tim Spriggs <tims@fugazi.engr.arizona.edu>
Date: Mon, 24 Feb 2003 06:08:43 -0700 (MST)
Message-id: <Pine.GSO.4.44.0302240554300.16669-100000@fugazi.engr.arizona.edu>
In-reply-to: <200302241139.24439.russell@coker.com.au>

On Mon, 24 Feb 2003, Russell Coker wrote:

> On Mon, 24 Feb 2003 10:59, Tim Spriggs wrote:
> > > That's the only thing to do, if someone is excessively scanning you then
> > > you block their IP addresses for a while.  Of course you can't be too
> > > trigger happy with this or you'll end up with half the Internet in your
> > > firewall rule set...
> >
> > In the defense of the ballistic person that is complaining about the
> > portscan, one of our servers is running a backup server that dies with no
> > error/warning when the server is portscanned. Unfortunately, our servers
> > can not be put behind a firewall as funding is at an all time low.
>
> !?!?!?
>
> Firstly having a backup server on a public IP address is just asking for
> trouble.

Yes, I know.

>
> What OS are you using?  Presumably if it was Linux you would have solved the
> problem with iptables or ipchains long ago...

Solaris 9 :( It does have some firewalling software but caused some major
conflicts at one point with no config and honestly, I and one other person
are pushing to get a firewall and seperation of tasks on different
machines. The way this thing sits right now I'd be un-surprised if someone
with an hour of spare time and a little talent could get in and fuck a
_LOT_ up.

>
> BTW  As a rule of thumb, if you can crash it then you can probably exploit it,
> I hope that server isn't running as root.

I realize that too. Unfortunately, Universities (at least around here)
tend to be VERY political and getting something like linux as a main
college server in place would be "making waves" with the type of people
that run the money upstairs. Like I said, I'm pushing it. Debian has been
an all-time favorite of mine since I left redhat at version 5.2/5.0
several years back. I'd love to put Linux on the machine and call it a
day. For one, things compile MUCH easier.

> > This is a very inconvenient feature and the company that provides the
> > backup server will do nothing about it so we have to manually restart the
> > deamon from time to time because we were (innocently) portscanned.
>
> That sucks.  Napster clients used to do the same, but you couldn't complain
> too much about free software that is used for unauthorised audio copying.  ;)

Yeah, but you can sure as hell complain about backup software that you BUY
and then don't recieve technical support in any way without paying more
and having a setup that barely works as it is.

~cough~ Veritas ~clears throught~ sorry... Just a little built up...

The hardware is kinda fun though... Sun v880 with 4GB's of ram and 6 36GB
Fiber Channel drives.

<shout out>
On of the drives is dedicated to mirrors by the way. We have a
debian/cpan/xfree86/sunfreeware mirror setup on the box for anyone that's
in/around/close to Arizona.
</shout out>

-Tim

                     < PRE >
##--##--##--##--##--##--##--##--##--##--##--##--##
|             T I M    S P R I G G S             |
|        Assistant Sysadmin - Development        |
|        College of Engineering and Mines        |
|            ECE206A - (520) 621-3185            |
##--##--##--##--##--##--##--##--##--##--##--##--##
                     </PRE >

Reply to:

Follow-Ups:
- Re: Cracking attempt
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: Cracking attempt
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: Cracking attempt
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: Cracking attempt
Next by Date: Re: Cracking attempt
Previous by thread: Re: Cracking attempt
Next by thread: Re: Cracking attempt
Index(es):
- Date
- Thread