
Re: port-scanning. advise?



On Sun, Jan 14, 2001 at 01:41:18AM -0500, Bradley M Alexander wrote:
> > I go to great lengths to ensure that they don't expose any known
> > weaknesses to the world.
> 
> This is the problem. They do not expose any known weakness. What about
> unknown weaknesses? New ones are being discovered every day. They don't
> just pop into existence when they are discovered. Someone usually knows
> about it beforehand...

Agreed, of course.  There is some risk in having any services open, no
matter how secure they claim to be.  There's always a chance that
somebody cracks a service on my machine before I know about any
vulnerability.  Reading lists like debian-security and bugtraq helps
minimize this risk.  The best you can hope for is to stay at least as
informed as most of the bad guys.

> I tend to think of portscanning as a possible precursor to an attack. Pings
> are mostly benign, though portscans tend to be a little more information
> than I feel comfortable giving out. The analogy of your house is the best I
> have come across. Much like you would not want a total stranger coming up
> to your house checking to see if the doors or windows are locked (or
> peering into windows, for that matter), you probably should pay attention
> to portscans.

I don't think that's a good analogy, though.  That analogy fits more
closely with the act of somebody running some exploit code against a
running service.  I get hit with the rpc.statd attack relatively
frequently.  Those are the people that are walking up to my house and
turning the door knob to see if it's unlocked.  A portscan is more like
walking by the house and taking note of where the doors and windows are.
Most of the time they're not even looking at what brand of locks you
use (i.e. what mail server software you're running on port 25).

> > Tripwire is no longer non-free.  Version 2.3, a major update from the
> > version available in Debian, has been released under the GPL.  Go to
> > www.tripwire.org to learn more.  The files are available on sourceforge.
> > It takes a while to build a good policy file, but it's very good at
> > detecting system changes.  2.3 is also significantly faster than the old
> > version.
> 
> Tripwire version 2.2.1 for Linux has been released to GPL and is available
> from their website, http://www.tripwiresecurity.com. There is no listing
> there of version 2.3, so 2.2.1 seems to be the latest and greatest.

The GPL version is 2.3.  I believe the new version number is merely a
code branch and 2.2.1 is still what they're developing commercially.
See http://www.tripwire.org/downloads/index.php.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
