Full Disclosure mailing list archives

Re: Re: January 15 is Personal Firewall Day,help the cause


From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 20 Jan 2004 09:15:09 -0600 (CST)



Brenda,

Here's a strong clue;

If you do not allow other users on the system, do have services open for
public consumption, keep patched and block the nasties, your risk has been
trivialised.  Perhaps as much as 75% of the risk on a linux or unix
system comes from insiders, users taking advantage of weaknesses in apps
and packages under the hood.  If you have a httpd running and open to
public consumption, or an ftpd or another public service then your risk
goes up again dramatically <httpd is far more serious an endeavor in threat
level than many would have one believe these days, damned near
everything can be pushed through and over it, and is>.

On Fri, 16 Jan 2004, brenda wrote:

question on this?
maybe i am more disillusioned than i thought but if i patch and update how can
i be as vulnerable as on windows?
i run a program called killerwall as my firewall
it is a script that uses ipchains or iptables. i chose iptables because of my
reading and thinking this was safer.
i don't understand how rootkits work tho and my reading has not helped my
understanding of this very much.
i don't do downloads except with acceptable ftp sites. no music/movies stuff. in
fact my only downloads have been with urpmi?
can rootkits be used this way?
apologizing for my ignorance ahead of time but i am hoping to learn
br3n

That's true. I just want to remember about the guy with the rootkit
which I asked about. Running SuSE Linux, patching regularly and thought
he was safe while running an unpatched PHPNuke installation. Ouch. :-)



This fellow's problem was enabling php <well enabling apache and letting
http past his firewall, without understanding the risk>, and having a lack
of understanding of what php is and can do.  Dynamic content is not
something joe everyday user should be engaging in except on a throw away
system, even with iptables enabled.  And phpnuke has perhaps the worst
record for all the php modules that folks are playing with like those in
the past played with matt's old cgi's.



Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

