[App_rpt-users] Security was Re: What is the "debian" user in the DIAL distro?

Loren Tedford lorentedford at gmail.com
Thu Jun 8 08:13:17 UTC 2017


Bryan, what about the use of UFW? I have been using ufw in place of
iptables; started that about 4 years ago. Is there a known risk from ufw
rather than iptables? I thought they had similar characteristics.

Loren Tedford (KC9ZHV)
Phone:618-553-0806
Fax: 1-618-551-2755
Email: lorentedford at gmail.com
Email: KC9ZHV at KC9ZHV.com
http://www.lorentedford.com
http://www.kc9zhv.com
http://forum.kc9zhv.com
http://hub.kc9zhv.com
http://Ltcraft.net
http://voipham.com

On Wed, Jun 7, 2017 at 8:55 PM, Bryan D. Boyle <bdboyle at bdboyle.com> wrote:

> Based on tests that the security research arm of my company has run
> (well-known IT company that's been around for over a century...), the
> elapsed time that a system exposed to the network is discovered, probed,
> and if well-known vulnerable ports are detailed (and the scum or nation
> states who do this keep records), then attempted to be pwned is somewhere
> between a minute to a half hour.
>
> Just for giggles, I spun up a pi with a sip server enabled connected to a
> second port on my router and started a tail -f on the messages file and
> grepped for the sip daemon.  routed the sip port on my external router to
> the pi, and sat back. (there was no route from the pi to my internal network)
>
> 3 minutes till the first probe.  15 till the attempted pwning.  SIP was
> the only inbound port opened.  I just watched...and went on for an hour
> (no, they didn't take over the system, only ate up bandwidth, of which I am
> pretty ok with being on FTTH).  It's all automated.  don't even need human
> intervention for the probe, just to select the attack vectors when the
> automated system pops a live port selection.
>
> Default SSH is NO guarantee.  Allowing root access from an interactive
> login from the net port deserves to be punished.  Bogus user passwords that
> are guessable should be cause for your isp to turn off your connection.
> Moving to a different port is just attempted security through obscurity.
> Open ports from the outside inbound that allow anyone on the network to
> connect will be probed and attempts (DoS, null sled, buffer overruns, etc)
> to subvert your system as a c&c node, bitcoin miner, email spam relay, porn
> repository, or whathaveyou is the goal.
>
> After doing this since 1988 or so,  it's only the frequency that it
> happens that's changing, not that it's happening.
>
> fail2ban is a good stopgap measure for ports that you positively HAVE to
> have exposed.  router firewall enabled and locked down?  good.  iptables
> set up properly?  passwords NOT based on dictionary words or used for your
> other online activities? yeah, it's a pain. the alternative is your system
> being taken over and used for other purposes while you sleep.
>
> Lots more you can do.  the basic mantra you should have is: "That which is
> not expressly permitted is prohibited".
> --
> Bryan CISSP/CEH/CISM
> Sent from my iPhone 6S...No electrons were harmed in the sending of this
> message.
>
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
>
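Bryan's "tail -f on the messages file" watch and his fail2ban stopgap amount to the same thing: count failed SIP registrations per source and act once a source crosses a threshold inside a time window. The script below is an added illustration, not code from either poster or from AllStarLink; it assumes the Asterisk chan_sip "Registration from ... failed for ..." NOTICE line shape, uses fail2ban's maxretry/findtime semantics, and runs over constructed sample lines.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Shape of an Asterisk chan_sip "registration failed" NOTICE line (assumed format).
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from '[^']*' "
    r"failed for '(?P<ip>[0-9.]+):\d+' - (?P<why>.+)$"
)

def parse_failures(lines):
    """Yield (timestamp, source_ip, reason) for every failed SIP registration."""
    for line in lines:
        m = FAILED_REG.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"], m["why"]

def ban_candidates(lines, maxretry=5, findtime=600, ignore=("192.168.0.0/16",)):
    """Return {ip: time_of_ban} for sources with >= maxretry failures inside a
    sliding findtime-second window (fail2ban's maxretry/findtime semantics),
    never flagging sources inside the ignore networks (the LAN handsets)."""
    window = timedelta(seconds=findtime)
    ignored = [ip_network(n) for n in ignore]
    recent = {}   # ip -> failure timestamps still inside the window
    banned = {}
    for ts, ip, _ in parse_failures(lines):
        if ip in banned or any(ip_address(ip) in n for n in ignored):
            continue
        hits = [t for t in recent.get(ip, []) if ts - t <= window] + [ts]
        recent[ip] = hits
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned

def _entry(ts, ip, why):
    # Builds one constructed chan_sip log line for the sample below.
    return (f"[{ts}] NOTICE[4231] chan_sip.c: Registration from "
            f"'\"100\"<sip:100@{ip}>' failed for '{ip}:5060' - {why}")

# Constructed sample: a scanner, a LAN handset with a bad password, a slow guesser.
SAMPLE_LOG = [_entry(f"2017-06-08 03:10:{s:02d}", "203.0.113.5", "No matching peer found") for s in range(6)]
SAMPLE_LOG += [_entry(f"2017-06-08 03:11:{s:02d}", "192.168.1.20", "Wrong password") for s in range(6)]
SAMPLE_LOG += [_entry(f"2017-06-08 {h:02d}:30:00", "198.51.100.7", "Wrong password") for h in range(3, 7)]
SAMPLE_LOG.append("[2017-06-08 03:12:00] NOTICE[4231] chan_sip.c: Peer '2001' is now Reachable.")

if __name__ == "__main__":
    for ip, when in ban_candidates(SAMPLE_LOG).items():
        print(f"would ban {ip} at {when}")   # only the scanner 203.0.113.5
```

The slow guesser never accumulates five hits inside one window, which is exactly the gap fail2ban leaves and why the thread still insists on non-dictionary passwords behind the exposed port.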