security

Daniel Roethlisberger daniel at roe.ch
Sun Oct 7 09:42:15 PDT 2001


Øyvind Repvik <mlists at netcom.no> wrote:
> The probability of someone skilled trying to hack a system on a
> dialupline is increasingly slim, and *if* that is to happen...
> Well... I guess it's time to rebuild.

Hmm, it is not just that easy. I don't know what you have on your
boxes, but think of GPG private keys, SSL private certs, SSH
private keys. Even worse, you might not even notice someone broke
in, unless you run tripwire (do you?). An intruder could replace
your ssh client with a trojaned one (remember the apache.org
break-in?). An intruder could install a sniffer and discover your local
passwords (is your LAN traffic all encrypted?). An intruder could
install a DDoS node. Or hop off your box to do more dangerous
break-ins (.mil, .gov?). Would you notice? :)

I've seen a modem dial-up box of a friend of mine being rooted in
no time. They installed several backdoors, but mostly IRC stuff (a
daemon, eggdrops, war-tools). Kids, judging by what they left
behind, but it could have been much worse...

I'm not saying that a base LFS install can be remotely
compromised. I think that the average finished LFS system is much
more secure than the average RedHat, SuSE, Debian. But it only
takes a single flawed client or daemon and it's too late. And -if-
it happens, it's not just going to be like "oh, ok, then I just
rebuild". On my boxes at least, rebuilding would be the very least
of my troubles... ;)

Cheers,
Dan


-- 
   Daniel Roethlisberger <daniel at roe.ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED
