Message-ID: <42F0551E.3020004@badapple.net>
Date: Wed, 03 Aug 2005 00:24:46 -0500
From: kashani
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Testing how secure a server is...
References: <8f7a9d5805080216505f9b4a51@mail.gmail.com>

Colin wrote:
>
> Want to know how secure your server is?  Try and hack it!
>
> A good port scanner like nmap should be a basic check of your
> firewall.  I would also set nmap (if it can do this) to perform a SYN
> flood as it scans, to see if your server can withstand that basic DoS
> attack.  (Adding --syn to your TCP rules in iptables can prevent SYN
> flooding when used with SYN cookies.)  When you break in, find out why
> it worked and how it can be patched.

I'd like to put forth a few words of caution.
Depending on the complexity of your environment, aggressive security scans can be fairly detrimental to your services' stability. Make sure you inform the other admins, if any, that a scan will be taking place, and do it in off hours. While most Internet-facing applications today are pretty good about handling a scan, internal custom-built applications or newly released appliances are not. I once had massive load balancer failures across three geographic sites because of an unauthorized port scan by our new security director. Yes, they shouldn't have locked up when sent a weird packet, but we'd have avoided quite a bit of downtime if we had known what to look for.

kashani
--
gentoo-user@gentoo.org mailing list