Re: [gentoo-user] Protecting my server against an individual

["Lord Sauron" <lordsauronthegreat@gmail.com>]

On 7/5/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> Lord Sauron wrote:
> > Sorry to be a bit elementary, but if you're not colocating your box,
> > and you don't often use SSH, you might want to consider disabling
> > remote administrative things.
>
> Of course - disable everything, that you don't need. ESPECIALLY, if it
> is reachable over the network.
>
> > All your Windoze "friend" will try to do is exploit MySQL to pop a DOS
> > shell into your system.
>
> How do you know?

I read a hacker article.  It was terribly interesting, but nothing I'd
actually want to do.  I don't think hacking is a worthwhile use of my
time, however, since I do aspire to host my own server and website, I
decided it would be good to bone up on attack methods a little bit.

> > If you can't disable SSH for some reason, then limit MySQL access to
> > localhost only.
>
> I'd even suggest to make MySQL "skip-networking". If that's set
> in my.cnf, MySQL won't be available via TCP over a network and
> can only be reached over a Unix socket. Maybe that's what you
> meant, but I just fealt like adding that :)

I'm no pro, but that works.  I don't have a lot of experience, so I
oftentimes just end up speculating on a bunch of educated guesses.

> > If you can, what I'd do is try and get the guy's MAC Address or
> > something and then totally block that off.
>
> How should *THAT* help? In 99.9999999999999999999999999999999% of
> the times, the attacker won't be on the same subnet, and thus the
> MAC isn't available.

Couldn't hurt.  You never know what you'll find when you tear apart
some networking packets.  I was so alarmed at what I found that I quit
doing it altogether.  Ignorance is bliss, I decided.  No, I won't say
what I found for reasons of protecting the egos of innocent people.

> You can try to block me, my MAC will be either 00:12:17:D4:21:D4
> or 00:12:17:D4:21:D2. Just tell me, where you blocked me using
> my MAC and I'll see if I can still access.

I'll try it someday when I can figure out enough about linux
networking to do something like that.

-- 
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+
L++ E--- W+(+++) N++ o? K? w--- O? M+
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+
                DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
-- 
gentoo-user@gentoo.org mailing list