Re: [SLUG] weird web site viewer

From: steve szmidt (steve@szmidt.org)
Date: Sun Apr 23 2006 - 06:14:06 EDT


On Sunday 23 April 2006 01:23, Eben King wrote:
>
> Yup, iptables is flexible and powerful. But if hosts.deny can do what I
> need (i.e. stop this user from getting web pages), I see no need to set it
> up. It's just a residential machine.

Ah, therein lies the crux.

You no doubt already have it installed. Depending on your distro you probably
even have a GUI control for turning it on/off, opening and closing ports.

Plus one has to understand that security is not a matter of a single point of
defense. One adds as many layers as is possible since all can be
traversed. NAT is not a firewall. Nor are hosts files. hosts files are for
service access by inetd (or newer xinetd), which is a tcpwrapper. Apache for
example does not use it.

I've read so many reports on hackers getting through cheap routers it's not
funny. Usually people leave the default password and never update bad
firmware.

But if you don't want to, who are we to try to convince you...

Just promise not to come crying wolf if something goes wrong after you have
been advised to put up some basic defenses.

Security, as is evident by all the viruses and online scams, is not understood
by many. Most are happily ignorant. (Your saving grace is quite possibly that
you are running Linux and not windows.)

All these world wide virus attacks that cost billions of dollars are due to
that ignorance. I think it's probably impossible to overstate. Some basic
understanding can circumvent most of them.

I made a client at CompUsa who was discussing UPSs with his son. I was
evaluating which one I should buy and could not help but overhearing their
discussion.

As it was they were clearly misinformed and I stepped in offering some help.
They were happy to get it and we discussed their needs.

Turns out one of their problems was that their small network was running
pretty slowly lately and disk space had been rapidly disappearing.

Being a security sleuth I immediately suspected they had been hacked. They
invited me over and sure enough they were owned. I built them a firewall with
an old computer out of their closet.

All of a sudden Internet access was running at the original higher speed.

Someone, probably more than one, was using their computers for remote
storage. A quick reformat and reinstall took care of that. All was well.

This is a typical incident. The indicators were clear as day, but not knowing,
and ignoring the bad indicator, they let this carry on until a huge part of
disk space was lost and their internet access was down to a crawl due to
others' use of it.

You have someone who has been doing something to you for six months. You
don't know what, and for all that we know he could already be inside.

Unfortunately you are not alone. 99% are in the same boat.

I got another client who is running not only a windows server but both a web
server and a SQL server. All three famous for massive holes that have rocked
the industry. His professional computer consultant set him up. He did not
even have a firewall in place. The phone company set him up on a shared
digital connection, the router did not even have the firewall activated. It
uses clear text login where the world can observe the password.

The pure abundance of all these open machines is what saved this guy from
being totally owned. Fortunately he does not process or store cc data and the
like.

This is industry standard, being clueless on security that is. Get smart and do
something about it BEFORE needing to!

-- 

Steve Szmidt

"To enjoy the right of political self-government, men must be capable of personal self-government - the virtue of self-control. A people without decency cannot be secure in its liberty." From the Declaration Principles

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.
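The distinction Steve draws above (hosts.deny is consulted only by tcpwrapper-aware services, not by Apache) as an added example that is not part of the original thread; it generalizes slightly from inetd/xinetd to any daemon linked against libwrap, checks that with ldd, and prints the control that will actually stop a client, falling back to a packet-filter rule when hosts.deny would be ignored. It assumes Linux with ldd and iptables; the client address 203.0.113.45, the binary path and the daemon name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumptions: Linux,
# iptables present, 203.0.113.45 is a constructed placeholder address.

# Returns 0 if the daemon binary is linked against libwrap (so it honours
# /etc/hosts.allow and /etc/hosts.deny), 1 if it is not, 2 if that cannot
# be determined here (binary missing, or no ldd on this system).
uses_tcpwrappers() {
    bin="$1"
    [ -x "$bin" ] || return 2
    command -v ldd >/dev/null 2>&1 || return 2
    if ldd "$bin" 2>/dev/null | grep -q 'libwrap'; then
        return 0
    fi
    return 1
}

# Print (do not apply) the single control that will actually block CLIENT
# from reaching PORT, given the daemon serving it. Printing rather than
# running lets the rule be reviewed before it touches a live box.
deny_rule_for() {
    client="$1"; port="$2"; daemon_bin="$3"; service_name="$4"
    if uses_tcpwrappers "$daemon_bin"; then
        # tcpwrapper-aware daemon: a hosts.deny line ("daemon: client") is honoured
        echo "echo '$service_name: $client' >> /etc/hosts.deny"
    else
        # Apache and most standalone daemons never read hosts.deny, and an
        # unknown daemon is treated the same way: drop the packets before
        # they reach the daemon at all.
        echo "iptables -A INPUT -s $client -p tcp --dport $port -j DROP"
    fi
}

# Usage with the placeholder client and a typical Apache binary path:
deny_rule_for 203.0.113.45 80 /usr/sbin/apache2 httpd
```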



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:41:58 EDT