From: "Lord Sauron"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
Date: Thu, 6 Jul 2006 00:12:04 -0700
In-Reply-To: <44ACA9A6.40100@mid.email-server.info>

On 7/5/06, Alexander Skwar wrote:
> Lord Sauron wrote:
> > Sorry to be a bit elementary, but if you're not colocating your box,
> > and you don't often use SSH, you might want to consider disabling
> > remote administrative things.
>
> Of course - disable everything, that you don't need. ESPECIALLY, if it
> is reachable over the network.
>
> > All your Windoze "friend" will try to do is exploit MySQL to pop a DOS
> > shell into your system.
>
> How do you know?

I read a hacker article. It was terribly interesting, but nothing I'd
actually want to do. I don't think hacking is a worthwhile use of my
time; however, since I do aspire to host my own server and website, I
decided it would be good to bone up on attack methods a little bit.

> > If you can't disable SSH for some reason, then limit MySQL access to
> > localhost only.
>
> I'd even suggest to make MySQL "skip-networking". If that's set
> in my.cnf, MySQL won't be available via TCP over a network and
> can only be reached over a Unix socket. Maybe that's what you
> meant, but I just felt like adding that :)

I'm no pro, but that works. I don't have a lot of experience, so I
oftentimes just end up speculating on a bunch of educated guesses.

> > If you can, what I'd do is try and get the guy's MAC Address or
> > something and then totally block that off.
>
> How should *THAT* help? In 99.9999999999999999999999999999999% of
> the times, the attacker won't be on the same subnet, and thus the
> MAC isn't available.

Couldn't hurt. You never know what you'll find when you tear apart
some networking packets. I was so alarmed at what I found that I quit
doing it altogether. Ignorance is bliss, I decided. No, I won't say
what I found for reasons of protecting the egos of innocent people.

> You can try to block me, my MAC will be either 00:12:17:D4:21:D4
> or 00:12:17:D4:21:D2. Just tell me, where you blocked me using
> my MAC and I'll see if I can still access.

I'll try it someday when I can figure out enough about Linux networking
to do something like that.

--
========== GCv3.12 ==========
GCS d-(++) s+: a? C++ UL+>++++ P+ L++ E--- W+(+++) N++ o? K? w--- O? M+
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ DI+++ D+ G e* h- !r !y
========= END GCv3.12 ========
--
gentoo-user@gentoo.org mailing list
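
The two MySQL settings discussed in the message above (limiting access to localhost, and `skip-networking` in my.cnf) can be checked mechanically. The Python below is an added example, not part of the original message: the function name `mysqld_exposure` and the sample configs are constructed for illustration, and it assumes the options live in the `[mysqld]` group of a single my.cnf-style file.

```python
import configparser

# Constructed sample configs for illustration (not taken from the thread).
EXPOSED = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
LOCAL_TCP = "[mysqld]\nbind-address = 127.0.0.1  # loopback only\n"
SOCKET_ONLY = ("[mysqld]\nskip-networking\n"
               "socket = /var/run/mysqld/mysqld.sock\n"
               "!includedir /etc/mysql/conf.d/\n")

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
FALSY = {"0", "off", "false"}


def mysqld_exposure(cnf_text):
    """Classify a my.cnf as 'socket-only', 'loopback-only' or 'network'."""
    # configparser cannot parse !include / !includedir directives, so drop
    # them. The files they point to are NOT followed and need their own check.
    lines = [ln for ln in cnf_text.splitlines()
             if not ln.lstrip().startswith("!")]
    cp = configparser.ConfigParser(
        allow_no_value=True,            # bare flags such as "skip-networking"
        strict=False,                   # repeated options: the last one wins
        interpolation=None,
        delimiters=("=",),
        comment_prefixes=("#", ";"),
        inline_comment_prefixes=("#",),
    )
    cp.read_string("\n".join(lines))
    if not cp.has_section("mysqld"):
        # Nothing restricts the listener, so assume the server default (TCP on).
        return "network"
    # MySQL treats '-' and '_' in option names as equivalent.
    opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts:
        value = opts["skip-networking"]
        # A bare flag means "on"; an explicit 0/off/false is treated as "off".
        if value is None or value.strip().lower() not in FALSY:
            return "socket-only"
    bind = (opts.get("bind-address") or "").strip()
    return "loopback-only" if bind in LOOPBACK else "network"


if __name__ == "__main__":
    for name, cnf in [("exposed", EXPOSED), ("local", LOCAL_TCP),
                      ("socket", SOCKET_ONLY)]:
        print(name, "->", mysqld_exposure(cnf))
```

A "loopback-only" result still leaves a TCP listener that any local process can reach; "socket-only" is the state the `skip-networking` suggestion produces.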