[H-GEN] E Smith Hacked

Robert Kearey mammal at optushome.com.au
Mon Jun 17 00:27:06 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Tony Bilbrough wrote:

> I have been repeatedly warned that E Smith does not have an effective firewall.
> But I have not had any problems since February, when it first fired up, so I
> never thought too much about it.

Bollocks to that. The e-smith ipchains setup is a very good one for 
what it is.

> In fact, only last week Hilton Travis suggested I install Smoothwall, and Alan
> Harrison even pointed me to the free Lite version, and I thought 'yep' the very
> next project ,,,,,, 

Arrgh! Smoothwall! Beyond these shores lies the ocean of blustering 
self-aggrandisement of all the secure linux/un*x specialists. Don't trust 
them, says I - do the homework and do it the Right Way yourself.

> Anyway, I use the 'Air Gap policy', turning the Modem off each night, only
> leaving it on during the day.

Excellent idea, and much under-rated - however ...

> - black hackers only work at night

... it's always night somewhere on Earth.

> - I have forgotten the root password, and if I can't get into root, who the hell
> else can.

At the lilo prompt, type linux single. At the bash prompt that appears, 
type passwd, and off you go.

That's why securing machines in the physical sense is a whole other subject.

[Tony got cracked]

You'll probably find they've not so much penetrated your firewall as 
cracked an open service. It's not too hard to accidentally leave one 
on, which is the downside of a web admin tool.

> Now, I was wondering if any of you were interested in the attack, or the
> programming changes, or wanted to see the hard drive, before I format its
> contents and do a reinstall of E Smith?

Just pull out the drive and store it. Use a new one for your beastie. 
Bring it along to humbug and I'm sure suterbeast can tell you what 
happened :)

> Will it need 2 NICs like the Router/Server, so that it is sort of daisy chained
> - Modem to Firewall to Router/Server to Hub?

Separate NICs for each network are a must, to keep the internet and 
intranet traffic physically separated.

> Tony

-- 
Rob K - I like chips with brown sauce
http://members.optushome.com.au/mammal
Please abbreviate 'bandwidth' as 'bndwth'
thereby conserving precious bndwth.


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/


