From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-45704-garchives=archives.gentoo.org@gentoo.org>)
	id 1FyOBQ-0005tf-8h
	for garchives@archives.gentoo.org; Thu, 06 Jul 2006 07:21:56 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.7/8.13.6) with SMTP id k667KGoj022069;
	Thu, 6 Jul 2006 07:20:16 GMT
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.226])
	by robin.gentoo.org (8.13.7/8.13.6) with ESMTP id k667C5Ws004877
	for <gentoo-user@lists.gentoo.org>; Thu, 6 Jul 2006 07:12:05 GMT
Received: by wr-out-0506.google.com with SMTP id 67so50913wri
        for <gentoo-user@lists.gentoo.org>; Thu, 06 Jul 2006 00:12:04 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=YeJWbXOQcGqO45wczXek5TT3iFkVWHxE9J4fubl+z9SaSRrQvpOh5Y4GtJQWYPCqSHWoWbsNEu0IVvWHiJiG6imKKt9COhC/KcDa+pBoj35NonyJfzOBeJSBK/5lC49GK0XHTL/V3RXcAbY4Qrrov8BTlh1wxa6DRUBHo5nuHrE=
Received: by 10.65.177.8 with SMTP id e8mr241796qbp;
        Thu, 06 Jul 2006 00:12:04 -0700 (PDT)
Received: by 10.64.243.9 with HTTP; Thu, 6 Jul 2006 00:12:04 -0700 (PDT)
Message-ID: <e5a3e9ac0607060012x796e8b44mf9ffc542311ac87c@mail.gmail.com>
Date: Thu, 6 Jul 2006 00:12:04 -0700
From: "Lord Sauron" <lordsauronthegreat@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
In-Reply-To: <44ACA9A6.40100@mid.email-server.info>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <49bf44f10607041556w3db1b64et625c088ba8c56541@mail.gmail.com>
	 <44AB1C8E.4090903@gmail.com>
	 <44AB6C6A.9040008@mid.message-center.info>
	 <44ABEB65.6080200@gmail.com>
	 <e5a3e9ac0607051631n5570136eva31a2fb66e64a6d2@mail.gmail.com>
	 <44ACA9A6.40100@mid.email-server.info>
X-Archives-Salt: 1254e9d6-98d1-4fe0-93aa-e6a11c0a6809
X-Archives-Hash: a55e2b3145905d6b65f734eb7973f913

On 7/5/06, Alexander Skwar <listen@alexander.skwar.name> wrote:
> Lord Sauron wrote:
> > Sorry to be a bit elementary, but if you're not colocating your box,
> > and you don't often use SSH, you might want to consider disabling
> > remote administrative things.
>
> Of course - disable everything, that you don't need. ESPECIALLY, if it
> is reachable over the network.
>
> > All your Windoze "friend" will try to do is exploit MySQL to pop a DOS
> > shell into your system.
>
> How do you know?

I read a hacker article.  It was terribly interesting, but nothing I'd
actually want to do.  I don't think hacking is a worthwhile use of my
time; however, since I do aspire to host my own server and website, I
decided it would be good to bone up on attack methods a little bit.

> > If you can't disable SSH for some reason, then limit MySQL access to
> > localhost only.
>
> I'd even suggest making MySQL "skip-networking". If that's set
> in my.cnf, MySQL won't be available via TCP over a network and
> can only be reached over a Unix socket. Maybe that's what you
> meant, but I just felt like adding that :)

I'm no pro, but that works.  I don't have a lot of experience, so I
oftentimes just end up speculating on a bunch of educated guesses.

> > If you can, what I'd do is try and get the guy's MAC Address or
> > something and then totally block that off.
>
> How should *THAT* help? In 99.9999999999999999999999999999999% of
> the times, the attacker won't be on the same subnet, and thus the
> MAC isn't available.

Couldn't hurt.  You never know what you'll find when you tear apart
some networking packets.  I was so alarmed at what I found that I quit
doing it altogether.  Ignorance is bliss, I decided.  No, I won't say
what I found for reasons of protecting the egos of innocent people.

> You can try to block me, my MAC will be either 00:12:17:D4:21:D4
> or 00:12:17:D4:21:D2. Just tell me, where you blocked me using
> my MAC and I'll see if I can still access.

I'll try it someday when I can figure out enough about Linux
networking to do something like that.

-- 
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+
L++ E--- W+(+++) N++ o? K? w--- O? M+
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+
                DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
-- 
gentoo-user@gentoo.org mailing list
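As an added example, not part of this thread or of any MySQL project code: a small Python check that reads a my.cnf and reports whether the [mysqld] section is reachable only over the Unix socket (`skip-networking`, as suggested above), bound to loopback only (`bind-address`), or reachable over the network. The two sample option files are constructed for the example; treating a missing `bind-address` as "listens on every interface" is an assumption about the server's default, and `!include` directives are skipped rather than followed.

```python
"""Audit a MySQL option file for network exposure of the [mysqld] section.

Added example for the gentoo-user thread above; not code from the thread.
Assumption: a [mysqld] section with neither skip-networking nor a loopback
bind-address is treated as listening on all interfaces.
"""
import configparser
from typing import Dict

# Addresses that keep the TCP listener on the local host only.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Values that switch a boolean MySQL option on (a bare flag has no value).
TRUTHY = {"", "1", "on", "true", "yes"}


def parse_my_cnf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {option: value}} for a my.cnf-style option file.

    Bare flags such as `skip-networking` carry no `=`; configparser accepts
    them with allow_no_value=True. Lines starting with `!` (the !include and
    !includedir directives) are dropped, since this check does not follow
    included files.
    """
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("!")]
    parser = configparser.ConfigParser(
        allow_no_value=True, strict=False, interpolation=None
    )
    parser.read_string("\n".join(lines))
    return {
        section: {key: (value if value is not None else "")
                  for key, value in parser[section].items()}
        for section in parser.sections()
    }


def mysqld_exposure(cfg: Dict[str, Dict[str, str]]) -> str:
    """Classify the [mysqld] section as one of:
    'socket-only'        skip-networking is set, no TCP listener at all
    'localhost-only'     bind-address is a loopback address
    'network-reachable'  anything else (assumed server default)
    """
    # MySQL accepts both spellings (skip-networking / skip_networking).
    mysqld = {k.replace("_", "-"): v.strip() for k, v in cfg.get("mysqld", {}).items()}

    if "skip-networking" in mysqld and mysqld["skip-networking"].lower() in TRUTHY:
        return "socket-only"

    if mysqld.get("bind-address", "") in LOOPBACK:
        return "localhost-only"

    return "network-reachable"


def audit(text: str) -> str:
    """Parse an option file and return its exposure classification."""
    return mysqld_exposure(parse_my_cnf(text))


# Constructed sample: the weak setting, listener bound to every interface.
WEAK_CNF = """\
# constructed sample my.cnf
[mysqld]
user = mysql
port = 3306
bind-address = 0.0.0.0
"""

# Constructed sample: the corrected setting from the thread, socket only.
HARDENED_CNF = """\
# constructed sample my.cnf
[mysqld]
user = mysql
skip-networking
socket = /var/run/mysqld/mysqld.sock
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(f"{name:9s} -> {audit(text)}")
```

To run it against a real installation, read the file with `open("/etc/mysql/my.cnf").read()` (path as installed on your system) and pass the text to `audit()`; a result other than `socket-only` or `localhost-only` means the server still accepts TCP connections from other hosts unless a firewall in front of it blocks port 3306.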