[aclug-L] FW: A Denial-of-Service Tale of Woe
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
-----Original Message-----
From: Linux_Security@xxxxxxxxxxxxxxx
[mailto:Linux_Security@xxxxxxxxxxxxxxx]
LINUX SECURITY --- January 15, 2002
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
________________________________________________________________________________
HIGHLIGHTS
* A tale of three systems administrators and the big bad hacker who
couldn't.
______________________________________________________________________________
A Denial-of-Service Tale of Woe
By Robert Currier
Once upon a time there were three systems administrators. They were
great friends and spent the summer playing ultimate Frisbee, roaming
the street markets and drinking espresso at the local java joint. But
the days passed quickly, and soon it was time for them to turn once
again to matters of business. There were rumors of evil hackers afoot
on the Internet, and tales of deadly distributed denial of service
attacks being launched from unguarded systems.
The first systems administrator, his mind still full of Frisbee and
flowers, told his friends that he wasnt going to take any precautions.
"After all," he asked, "what could possibly happen?"
"It's not safe!" the other administrators cried. "The evil hackers will
break in and destroy your systems!"
But the first systems administrator didn't listen. He was too busy
having fun to bother with silly things like firewalls and systems
security.
The second sysadmin was more industrious. She built a firewall using an
old PC and the Linux operating system. She was very proud of her
firewall and moved all of her department's systems behind it.
"I built a firewall," she proclaimed. "Now I can relax and have fun."
"Not so fast," the last systems administrator warned. "You haven't
secured your systems by installing TCP wrappers, and you built your
firewall in five minutes. Don't you know that a poorly configured
firewall is worse than no firewall at all? And have you even bothered
to study the SANS Top 10 list?"
But the second sysadmin didn't want to listen. She was already on her
way back to Starbucks for another espresso.
The third systems administrator shook his head sadly.
"Poor innocents," he thought to himself. "Their time will come. The big
bad hackers will huff, and puff, and blow their systems down."
He trudged back to his office and began installing the latest systems
patches.
Not long afterwards, the first systems administrator was sitting in his
office enjoying a cup of coffee and thinking of nothing in particular.
Suddenly there was a horrendous crash in the hallway and his door flew
open.
"You have to help me!" shouted the wild-eyed faculty member. "All of my
research files are GONE! And I can't get them back! I've lost
EVERYTHING! Do something!"
The first systems administrator grabbed his keyboard. Tappity-tappity-
tap -- his fingers flew across the keys. What he saw made him very
frightened. He slowly turned a sickly shade of green.
"Ummm, I think you've been hacked," he muttered. "Excuse me. I'm going
to be sick now." And he pushed his way past the wild-eyed faculty
member and ran across campus to the office of the second systems
administrator.
The second systems administrator looked up in alarm as the first admin
burst into her office.
"What's wrong?" she asked? "Why are you so green?"
"I've been hacked!" cried the first sysadmin. "All of our files are
corrupt. They own root! I'm going to be fired! You have to help me!"
The second systems administrator leaned back in her chair and pulled at
her chin.
"Not to worry," she said. "We'll just put your critical systems behind
my nifty Linux firewall and they'll be fine. Let's get to work."
So the two sysadmins went to work and began moving machines and
reconfiguring network addresses. After several hours they had the first
system administrator's most critical systems up and running behind the
Linux firewall. They felt very safe and were quite pleased with
themselves. They fired up a Papa Roach MP3 file and kicked back. All
was well with the world.
Not long afterwards the second systems administrator's console beeped.
After she read the message she began to slowly turn white. She shook
her head in disbelief. This couldn't be happening.
"What's wrong, dude?" asked the first admin. "Those burritos you ate at
lunch give you gas?"
The second sysadmin shook her head.
"It's not gas -- it's that darn hacker. He's gotten through my Linux
firewall and is going for root on our departmental server. If that
system gets hacked, my butt is in a sling. That's where our chairman
keeps his research results."
The two admins looked at each other. They both knew there was only one
thing to do: pull the plug. They raced down the hallway to the data
closet and disconnected the network from the building backbone.
"That was close," said the first admin, wiping his brow.
"Yeah, a little too close for comfort," agreed the second. "Now what do
we do? I need to get those systems back on line as soon as possible."
"Why don't we see if the third systems administrator will let us move
the critical machines behind his firewall?" asked the first admin.
So the two chagrined admins gathered their critical systems, loaded
them on a cart and pushed them across campus. The third systems
administrator didn't say a word when they arrived. He simply sat
quietly and looked at them, a sad expression creeping across his face.
"Dudes, I warned you not to leave your systems open. You didn't listen
to me, and now you want me to bail you out. I suppose you want to put
those boxes behind my firewall?"
They nodded slowly and tried to look suitably humble. The third
sysadmin sighed.
"Then let's get started," he said. "Your users will want these machines
back online as soon as possible, and the hacker will be back. But this
time he won't be able to huff, and puff, and blow your systems down."
The three friends spent several hours installing TCP wrappers and IP
chains, adding tripwire and swatch, and configuring the machines to
operate behind a firewall. By the time they finished it was late, and
they were tired and hungry.
"Dudes, I'm ready for some 'za and a beer," said the first admin.
"Excellent suggestion," agreed the second.
"Not so fast," said the third. "Let's sit tight and watch the firewall
logs. That hacker will be back, I can guarantee it, and I want you to
see what happens when he tries go get past my security features."
So the three administrators sat and waited. And watched. And waited. As
they were about to give up and leave, the firewall console beeped.
"It's starting," muttered the third admin. "Here he comes. Let's see
what chops he has."
The wily hacker poked and prodded at all the systems. He huffed and
puffed and tried every technique he knew. But he couldn't get past the
firewall and security software. The third administrator leaned back in
his chair and grinned.
"That old wolf can huff and puff all he wants," he said. "He's not
quite as lame as a script kiddie, but he ain't good enough to get past
what we've put in place. I expect he'll be back, though. With more
tools, more skills and an attitude. We'll need to stay alert by reading
the bugtraq mailing list. But right now I'm feeling the need for
sustenance. Food. Pizza." He grinned.
"Y'all are welcome to leave your systems behind my firewall until we
can build one for each of you. I'll give you a hand tomorrow. Let's
jet."
So the three administrators, being great friends and connoisseurs of
fine beer and pizza, left to find food, while the wily hacker huffed,
and puffed, and pounded unsuccessfully on the firewall.
The End.
About the author(s)
-------------------
Robert Currier has been in data networking for more than 15 years, the
last five as director of data communications at Duke University.
Currier is an accomplished writer, public speaker, and photographer.
His credits include product reviews in Network World, features in PC
Computing, and photographs in the Chronicle of Higher Education.
________________________________________________________________________________
CUSTOMER SERVICE
SUBSCRIBE/UNSUBSCRIBE:
- Go to: http://www.itworld.com/newsletters
- Click on "View my newsletters" to log in and manage your account
- To subscribe, check the box next to the newsletter
- To unsubscribe, uncheck the box next to the newsletter
- When finished, click submit
Questions? Please e-mail customer service at: mailto:support@xxxxxxxxxxx
________________________________________________________________________________
CONTACTS
* Editorial: Andrew Santosusso, Newsletter Editor,
andrew_santosusso@xxxxxxxxxxx
* Advertising: Clare O'Brien, Vice President of Sales,
clare_obrien@xxxxxxxxxxx
* Career Corner: Janis Crowley, Vice President/General Manager, IDG
Recruitment Solutions, janis_crowley@xxxxxxxxxxxxx
* Other inquiries: Jodie Naze, Senior Product Marketing Manager,
jodie_naze@xxxxxxxxxxx
________________________________________________________________________________
PRIVACY POLICY
ITworld.com has been TRUSTe certified
http://www.itworld.com/Privacy/
Copyright 2002 ITworld.com, Inc., All Rights Reserved.
http://www.itworld.com
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.314 / Virus Database: 175 - Release Date: 01/11/2002
-- This is the discussion@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [aclug-L] FW: A Denial-of-Service Tale of Woe,
Dale W Hodge <=
|
|
