Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] code red question....
  • From: Gideon Hallett <diogenes@xxxxxxxxxx>
  • Date: Tue, 7 Aug 2001 20:37:00 +0000
  • Message-id: <02bde0538190781PCOW028M@xxxxxxxxxxxxxxxx>
On Tuesday 07 August 2001 6:11 pm, Rick Green wrote:
> On Tue, 7 Aug 2001 jfweber@xxxxxxxxxxx wrote:
> > ** Reply to message from Gideon Hallett <diogenes@xxxxxxxxxx> on Tue, 7
> > Aug 2001 17:24:21 +0000
> >
> > Nonetheless, it's interesting reading.
> >
> > I've had 272 probes today alone; many of them from other cable modem
> > users within my ISP's network. It gives you an idea of how much care
> > your local ISP takes over their broadband security.
>
> Stop and think a moment about this statement. Just how much 'care' do
> you want your ISP to exercise, and what does that 'care' look like?

Sorry; perhaps I didn't make myself clear in my wording there.

What I meant to say was this: your ISP is *not* going to protect you from
this sort of thing. Having worked for one, I know that it really isn't their
job unless you pay them to do it.

That means that security *is* the responsibility of the machine administrator
- not the ISP.

In other words, it's up to you.

(FWIW, the combination of snort and snortsnarf provides an
easily-customizable, HTML-reporting IDS that will give you very good blurb on
any dubious packets entering your network - see
http://lizard.drsuse.org/snort/snort17.html)

> I'm sure there is a creative soul out there who can figure a way to use
> that back door to ACTUALLY take the machine offline. I would consider that
> a positive step, and a sort of internet Robin Hood kind of thing to
> do... If you come up with a method, publish it far and wide!

Most ISP AUPs have explicit prohibitions against such behaviour; mine
certainly takes a dim view of any action that results in a denial of service;
grounds for immediate termination of contract.


> PARANOID THOUGHT OF THE DAY: What does the M$-provided patch actually
> do? Does it contain a back-door for M$ use???

I doubt it. $deity knows, they get enough trouble from accidental backdoors
and buffer overflows without introducing any new ones deliberately.

>
> > as a "sort of" update.. local news report just said folks w/ Cisco DSL
> > modems are finding they get shut off by Code Red2 ( apparently code red
> > updated by someone) It seems CR2 thinks Cisco DSL modems are "webservers"
>
> Cisco DSL modems just may be webservers. Many of their products these
> days have built-in webservers for remote administration. I wouldn't be
> surprised if a buffer-overflow exploit containing intel binary executable
> code would crash a non-intel webserver with an overflowable buffer...

There are a number of known Cisco buffer overflows; a quick Nessus scan will
get all but the newest.

cheers,
Gideon.
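An added example, not part of Gideon's post or the thread above: the kind of probe count he reports ("272 probes today alone; many of them from other cable modem users within my ISP's network") can be reproduced from an ordinary Apache access log, because every Code Red variant announces itself with a GET for /default.ida followed by a filler run ('N' for Code Red v1, 'X' for Code Red II) and %u-encoded shellcode. The script below parses constructed sample log lines (RFC 5737 documentation addresses, shortened payloads; none of it is real traffic), flags the Code Red requests, counts them per source, and reports how many came from an assumed ISP customer range (192.0.2.0/24 here, a hypothetical value). The snort/snortsnarf setup mentioned above does the same job on the wire; this is the log-side equivalent.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines in Apache combined format.  These are
# NOT from the original post; addresses are RFC 5737 documentation ranges and
# the worm payloads are truncated to keep the lines readable.
SAMPLE_LOG = """\
192.0.2.17 - - [07/Aug/2001:09:12:41 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276 "-" "-"
192.0.2.44 - - [07/Aug/2001:09:13:02 +0000] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276 "-" "-"
198.51.100.9 - - [07/Aug/2001:09:15:55 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.76 [en] (X11; U; Linux 2.4.7 i686)"
192.0.2.17 - - [07/Aug/2001:11:40:10 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276 "-" "-"
203.0.113.200 - - [07/Aug/2001:12:01:33 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801=a HTTP/1.0" 404 276 "-" "-"
"""

# Apache common/combined log: host ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Code Red hits the IIS .ida ISAPI buffer overflow with GET /default.ida?
# followed by a filler run: 'N' for Code Red v1, 'X' for Code Red II.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<fill>N+|X+)')


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def code_red_variant(path):
    """Return 'CodeRed-v1', 'CodeRed-II', or None for a request path."""
    m = PROBE_RE.match(path)
    if not m or '%u' not in path:      # filler run plus %u-encoded shellcode
        return None
    return 'CodeRed-v1' if m.group('fill')[0] == 'N' else 'CodeRed-II'


def summarize(log_text, local_net):
    """Count Code Red probes per source and how many fall inside local_net.

    local_net is a CIDR string for the ISP's own customer range; the value is
    an assumption of this example, the post does not give one."""
    net = ipaddress.ip_network(local_net)
    per_source = Counter()
    variants = Counter()
    local = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        variant = code_red_variant(rec['path'])
        if variant is None:
            continue
        per_source[rec['src']] += 1
        variants[variant] += 1
        try:
            if ipaddress.ip_address(rec['src']) in net:
                local += 1
        except ValueError:   # logged as a hostname, not an address; skip
            pass
    return {
        'total_probes': sum(per_source.values()),
        'per_source': per_source,
        'variants': variants,
        'local_probes': local,
    }


if __name__ == '__main__':
    report = summarize(SAMPLE_LOG, '192.0.2.0/24')
    print(f"{report['total_probes']} Code Red probes, "
          f"{report['local_probes']} from the local ISP range")
    for src, n in report['per_source'].most_common():
        print(f"  {src:16} {n}")
    for variant, n in report['variants'].items():
        print(f"  {variant}: {n}")
```

Run it against a real access_log by replacing SAMPLE_LOG with the file's contents and local_net with your ISP's announced customer block; the per-source table is what you would hand to the ISP's abuse desk, and the local count is the measure of how many of their other customers are already infected.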
