On Mon, 09 Dec 2002 02:22:34 PST, Vineet Kumar writes: >>> - install a firewall that just drops any incoming connection from your >>> cable-connected ethernet interface. (I would recommend using fwbuilder >> The security gained with this step is epsilon under Linux if you don't >> have services that aren't needed installed. >I've seen many redhat boxes in which installed rootkits included >something to the effect of 'echo "6969 stream tcp wait root /bin/sh" >> >/etc/inetd.conf'. Having a firewall up in this case prevents the >cracker from using the installed backdoor, even after an >intentionally-exposed service is broken. It's a very good safety net to >have, especially in the case of an always-on static-IP-address cable >connection, which is likely to be swept by script kiddies who then >later try to connect to the boxes their scripts successfully penetrated. Of course, the real point is to never rely on one safety net alone. cheers, &rw -- / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \ \ <rw@coretec.at> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
Attachment:
signature.ng
Description: PGP signature