Re: Hackers Out of Business?

[dsiebert () icaen uiowa edu (Doug Siebert)]

> I grabbed their technical FAQ from ftp.sctc.com.  Rather amusing.  They
> talk about how they deal with UDP packets and they say,'We dont allow any
> services that UDP packets.'.  Well, Gee, I guess sidewinder isnt going to


Gosh, its really hard to secure a system if you lock out all Internet
services:-)  I admin whip.isca.uiowa.edu, which runs the ISCA BBS, which
is the largest BBS in the world.  Obviously it'd be quite a coup for a
cracker type to break it, but it has never been done.  Why?  Not because I
am the world's greatest admin, or because HP-UX 9.01 is the most secure OS
in the world.  Its because there are only 4 ports with any sort of access:
telnet, which connects to the BBS, finger, which gets a list of who is on
the BBS (neither of which can possibly fork a shell or execute a command)
Sendmail, which runs with program/file/etc mailers disabled and has a few
hacks to screen out attempts to mail anything but 3 specific accounts, just
in case the program/file mailer disabling wasn't enough.  Plus a real telnet
daemon on a port that will only accept connections from 4 specific IP
addresses.  Essentially cracker proof.  So did I miss the boat by not trying
to sell this "knowledge".  The military secure version of the system could
have no network at all, be inside a locked bank safe, with armed MPs on guard
strip searching everyone before and after they leave :-)