Domain: rootprompt.org
Stories and comments across the archive that link to rootprompt.org.
Comments · 91
-
Re:News for nerds, stuff that really matters
-
if you don't have much concern for security
The tricks of the trade are beyond your comprehension. Read the following articles* and decide for yourself how much you know. You should be very concerned. There are two possible reasons why your network hasn't been cracked yet.
One: all your base stay turned off 24/7.
Two: Your network security people have managed to stay one step ahead of the crack.
[*]
http://rootprompt.org/article.php3?article=403
http://www.securityfocus.com/news/11392 -
Re:Screw Linux, what's a good UNIX site?
Not a forum but a decent site nonetheless: http://www.rootprompt.org/
-
Rootprompt
Please, give some credits to Rootprompt. I saw this article there first and it's a nice site with some good articles showing up every now and then. Almost completely done by 1 person named Noel
-
Re:hey don't leave out qemu
VMware allows you to make the MAC address anything you want
Slackware allows this as well. It's called MAC spoofing
-
Funny you should ask
On http://rootprompt.org/ (one of my other home tabs) was this article posted on Saturday (1/14/06) which showed how to build a high performance, 0.5 TB, SCSI RAID array for less than $300. Here's the link, so go take a look, get out your tools, & have at it. http://www.inventgeek.com/Projects/PoorMansRaid/PoorMansRaid.aspx -
inventgeek.com
As seen on Saturday over on RootPrompt, Inventgeek is running an article The Poor Man's RAID array, written by Jared Bouck. It's built out of SCSI drives and a RAID controller card. The appliances that the company I work for ships use dual SATA drives, the Linux MD driver and LVM2 though. I still haven't worked out whether the rumours that SCSI drivers are better built and have a greater MTBF are true - they certainly cost a lot more for smaller capacities.
What self-respecting geek doesn't get the warm fuzzies at the mere mention of the RAID. With the rising GB to Dollar ratio, we felt it was a good time to feature a project that takes Pure Geekieness(TM) and mixes in a good helping of do it yourself. Where else are you going to store all those MP3s (legally obtained, of course)? On a single 200 GB Drive? Or a RAID 5 Array? Take your pick, I know where I will be storing mine.
-
Re:Podcasting Apps in Linux?
This page has a list of podcast clients that will (mostly) work in Linux. BashPodder is even written about in Cochrane's book, for which I really should have given him some props.
-
Re:Poor Comcast
I know you're not a Comcast customer because you're online instead of suffering with their random DNS outages
/rant of a frustrated Comcast customer.
Back in 1998, when I got my home DSL line from Pacific Bell (now SBC), it had a fixed IP address, and required no software to install. I still have the same line, same fixed IP address.
I had constant problems with Pac Bell's DNS, and Email relaying was intermittent and usually slow.
So, I got a cheezo (and I mean CHEEZO!) old pentium, Red Hat 6.x, and set up my own Email/DNS/NAT gateway. I worked at it, until I felt familiar with the *nix command line while doing all this. That computer, hardware upgraded a few times, and now running RedHat 7.2 with progeny updates for security patches, runs today, and is routing the packets this post is submitted on.
I was new to Linux. Time went by, and my skillset steadily improved with frequent hits to here, Root Prompt, Linux Today, the local Barnes and Noble for a big, fat book every few months, and whatever else strikes my fancy.
Now, years later, I get paid quite well by several companies to provide these exact services - Email, DNS, etc. as well as various Database and Web-based softwares.
Take your frustrations, and turn them to your advantage. It's a path. Walk it, work to be the best, and it'll pay nicely. Oh, and I never have problems with SBC's DNS or SMTP relays, since I haven't used either since 1998! -
Re:Srinivasa Ramanujan?
> What matters is that this article quality on /. is substandard and causing me to look for alternatives to /.
http://technocrat.net/
And as a supplement for OSS/UNIX/Linux stuff in particular, I like:
http://rootprompt.org/
http://www.librenix.com/ -
Re:Use it at home
As an actively employed "Linux Systems Administrator" (my real job title) I must concur with "damiangerous." While I was a windows admin I set up multiple linux boxes out of curiosity, slackware, rh5, and it was interesting and educational, but once I was done I just sort of looked at them and was like "Now What?"
Only after I attended a 3 night a week month long class did it all come together.
Well, as "an actively employed "Linux Systems Administrator" (my real job title)" I can say that I followed a different path. There just weren't any decent classes anywhere near me unless I was willing to drive several hours each way, twice a week.
It started with me getting rid of Windows on my personal workstation, and using only Linux. I bought every book I thought might help, and became an avid reader of sites like http://rootprompt.org/ and http://www.linuxtoday.com (though the latter is mostly advocacy)
It also helps to know a few other people - I've offered and received useful tips from other experienced techs.
It was about a year before I truly "got" Linux - I noticed it when I sat down at a Windows system and immediately felt "cramped" because of all the limitations on what I was doing.
The single book that helped me most get going was "Red Hat Linux Unleashed". -
Re:Sounds great
Nothing to back them up, eh?
Fact: OpenBSD has had one, count it, one remote hole in the default install in *eight years*. See http://www.openbsd.org/
Fact: Linux is a kernel, not a complete system, so without some more community-building and standardizing and code merging to come up with a base system universal to the distributions, there's no way Linux -- as opposed to individual vendors thereof -- can ever have a secure default install of a useable system.
Fact: Many people in the industry regard OpenBSD as the most secure OS generally available. This only indirectly supports the point, but nevertheless lends credibility thereto. See http://www.onlamp.com/pub/a/bsd/2000/08/08/OpenBSD.html and http://rootprompt.org/article.php3?article=832 -
Tilting at Windmills: A Response to Rob Enderle
-
Re:Translation of "symbol" section:
From the following link to rootprompt
GNU/Linux might be free of SCO threats. SCO's Blake Stowell admits to MozillaQuest Magazine (mozillaquest.com) that SCO-Caldera does not own the copyrights to JFS (Journaling File System), RCU (Read, Copy, and Update), NUMA (Non-uniform Memory Access) software, and other IBM-developed AIX code that IBM contributed to the Linux kernel. That could make it very difficult for SCO-Caldera to pursue its threatened copyright infringement claims against GNU/Linux users who refuse to buy SCO UnixWare licenses in order to run the GNU/Linux operating system. The SCO v IBM lawsuit is about breach of contract and other tort claims. It is not about copyright infringement. Those issues remain in dispute.
The full story was discussed in MozillaQuest back in July. -
Two related stories.
Joe Barr reads the future of GNU/Linux and the SCO lawsuit is explained in easy to understand pictures. WARNING this link contains a link to photos from the Dukes of Hazzard
-
Remember Mojo Nation?
Totally on-topic co-incidence; just a little while ago I ran into a pointer to the MNET project.
When the Mojo Nation P2P effort ran out of money they released the client code under the GPL (it is in Python). MNET is a stripped-down variant of the code (without the micropayment kruft) delivered as an API with some sample apps, one of which is a file sharing application.
So, if you know a little Python, you can grab MNET and whip up your own distributed file-sharing network. Cool! -
Soon you'll be able to try...
MIT's SuperArchive
Grabbed the link off of rootprompt in case any of you care -
your options are...
You're going to take one hell of a beating for that. Check the links on the page below for more consistent tech news. You'll see a few familiar names; just skip them.
http://rootprompt.org/links.html -
World's Shortest Samba HOW-TO
Back in July, I wrote a 3 paragraph SAMBA HOW-TO over on www.rootprompt.org here, shortly after being appalled at the quality of yet another article supposed to show you how to get started with SAMBA.
By the end of it, you can actually do something (gasp!) useful in some circumstances.
Here's the text
Samba how-to articles start off with how to write a configuration file so that your linux box can export a disk or print share that could be read by a windows client on the same network. I think this is a big mistake. The first thing you should show someone is the simplest possible command that actually makes something interesting happen. The time to explain the smb.conf file is when the next most interesting, complex experiment requires it, not before. There are a few very interesting and useful commands you can type that don't require that smb.conf even exists, let alone that the smbd and nmbd daemons are running.
Without further ado, here is the simplest command:
smbclient -L server1 -U user%pass
If you type this command into a bash prompt on a linux box, it will attempt to contact the machine with netbios name 'server1' on your network and get a list of all the disk and print shares it is exporting to the windows network neighborhood. It will do so using the username 'user' and password 'pass'. If you, as I do, run linux on your office workstation on a lan with a bunch of machines running windows, this is the first thing you would want to do.
The next most interesting command looks like this:
smbclient //server1/share1 -U user%pass
This will attempt to connect you to the remote disk or print share 'share1' on the machine with netbios name 'server1'. If successful, you will be sitting at a command prompt at which you can use commands like cd, ls, get, and put, mkdir, rmdir, rm, ..., provided, of course, the username and password you used allow you such access to the remote share. If '//server/share1' is a print share, the command 'print file1' will send the local file 'file1' to the printer. If the printer is a postscript printer, you are in luck as most linux software prints to postscript files by default. If it is an ink jet printer, then you will need to use ghostscript to convert the postscript file to a file of the printer's format first, then send that file with smbclient.
Now go have fun, y'all
-
Good Linux VM article
Here is an excellent article I found linked on rootprompt yesterday that goes into considerable detail about the 2.4 VM (or VMs, as the case may be).
-
Re:How much?
Mostly places like rootprompt, and The Register. If you go to rootprompt, there's a whole bunch of unix-related links in the links bar to the right. -
Last nail in /. coffin
The change will be a different ad size on the article page. Currently we have the standard banner size on top of all pages, but soon the article pages will instead have those huge square things that you see on CNet or ZD.
One word : unacceptable. These make me sick. I can understand the need to make enough money to keep the site going, and that's fine, but nothing is gonna make me endure that. Sorry.
Maybe I will buy a subscription to disable the ads, but I wonder. The quality has gone down the toilet since Andover had been taken over by VA. Considering these "reorganisation", we can wonder how low /. is gonna go. Who would pay for another ZDNet ? Not me ...
Now about the replacement :
- Ars Technica : Good technical stuff, very diversified. Especially, the discussion section, "Ask Slashdot" on steroids.
- Rootprompt : Unix-only, high volume.
- Kuro5hin : Less technical but more socially oriented discussion. Very high discussion level (but a bit too US-centric, IMHO).
Unfortunately, none of these can give me EVERYTHING I want to read at the same place (like /. used to do). I will miss that. -
I read an article about this recently
But unfortunately I don't have time to find it. The guy who wrote it had set up an 802.11 NAN with basic ISP services including internet access through his broadband account. I believe he used Linux for his servers and maybe BSD for the firewall. Check rootprompt or the various linux*.* sites. I'm pretty sure it was linked on rootprompt, but it was a few weeks ago and they don't seem to have an archive search engine.
-
Honeypot
How to set up your own honeypot
This is another interesting article on building your own honeypot.
Or paste: http://www.rootprompt.org/article.php3?article=210 -
What's so funny about this?
Erasing data is harder than you think. Even dd if=/dev/urandom of=/dev/hda probably doesn't erase all data beyond recovery. For maximum effect you need to do several rounds of erasing with certain bit patterns designed to maximise the effect on the magnetic patterns on the storage media as well as several rounds of cryptographically secure random numbers.
Securely erasing magnetic media beyond any hope of recovery without destroying the media is *hard*.
For a full account of the problems involved, read this.
-henrik
-
I am building one.
I get hit with about 10-15 of these a day:
Apr 22 06:17:20 mayday portsentry[9235]: attackalert: Connect from host: 211.205.178.64/211.205.178.64 to TCP port: 111
Apr 22 06:17:20 mayday portsentry[9235]: attackalert: Host 211.205.178.64 has been blocked via dropped route using command: "/etc/portsentry/portsentry.bash 211.205.178.64 111"
I know what the port 111 exploit is, but I have never used it, yet I get many hits from this exploit a day on my servers. This is just one hit. I know how to stop it (portsentry/ipchains is a wonderful thing) and as you can see it is logged.
There are many more attacks coming in, this is just one example. Sure, I can read on how they are performed, but that only makes me book-smart. I need to be able to see in real-time (or playback) exactly what a black-hat is going to do with my systems.
Honeypots/nets also give crackers a chance to practice their skills -- which can then be used against real targets -- with little repercussion.
Perhaps you should read this. It shows you the "proper" way to setup a honeypot so that it cannot be used as a jump-point. I don't want to be just book-smart when it comes to my network. I want to know how they get in and what they do. Yes, I have secured my network (as best as you can that is) but that is not the point. Eventually *SOMEONE* is going to get in, somehow. I am going to be the one picking up the pieces when it happens. I would love to say that I am "good enough" that no one will crack my network, but I don't believe anyone is.
What I expect to learn from crackers hitting my honeypot is an overall "pattern". I expect to learn how to become a black hat, because it will make me a better white hat.
How much more can we really learn from the drooling 13-year-old script kiddies of the world?
Not all crackers fit that description I am guessing. Hopefully a honeypot will help me find this out for certain. -
Re:What will become of slashdot
There's already a site that fills most of the criteria you've listed... rootprompt. It's like slashdot without the politics.... well sort of. It's one of the few tech sites I visit regularly.
-
ZDNet posted quite old news
It's quite old news, please go to The Motives and Psychology of Black-hats in RootPrompt for detail.
Reading the IRC logs in the article you will find that there's one Pakistani hacker D1ck got caught in the honeypot, I suspected 'a group of suspected Pakistani hackers' is an overstatement, because the rest of the hackers are Americans, say j4n3.
D1ck did say his main target was Indian's website, but he did also initiate DDOS attack to some US websites, with the help of other US hackers.
In my point of view, it's more accurate to say "a group of US hackers and a Pakistani hacker"
The ZDNet article does not mention how to build a honeypot, read Build a Honeypot for a hint.
-
Re:Legal risks of a honeypot?
The other Slashdot article has a link to an article (http://rootprompt.org/article.php3?article=210) describing how honeypots are configured. Often they go through a firewall that allows anything in, but restricts traffic out. In this case, the firewall is protecting the Internet from the menace of the honeypot, rather than firewalling the honeypot from the menace of the Internet.
-- -
A couple of sites I have used...
I have done some Linux tutorials and the sites I have utilized the most have been Rootprompt.org and LinuxSecurity.com. Rootprompt has a lot of excellent "essays" on lots of different topics relating to Unix and Linux that can easily be converted to micro-lectures.
LinuxSecurity is more specialized, but when you do get to your security lecture, their "Reference Card" is indispensable.
Hope this helps some, and keep teaching!
-Redux -
What is unauthorized use?
My question is simple: what is unauthorized use? Does authorized mean "written permission"? Or is it implied?
I ask because of a simple case of sendmail: if it is running, is that an implicit authorization to send email to the owner via that port? I saw an article over at rootprompt where a sysadmin tried to contact the owner of a box by sending him email via the sendmail port of the box (the box was apparently on a DSL line). The owner got all pissed because he didn't "authorize" the sysadmin to use that machine. The sysadmin argued that sendmail was PRECISELY for doing exactly what he did--sending email.
This may seem stupid to most of you, but remember that many people do not understand the technology they use, let alone legislate about. Could this law be used for suing people who connect to your machine? If you have sendmail up, and someone connects to it, is it their fault or yours? What about FTP and HTTP? If you do a base install of RedHat, you get FTP, HTTPd, Sendmail and a bunch of others. If someone connects to your web page or your FTP server, is that unauthorized?
There are obviously two sides to this issue. I personally get all paranoid when people connect to my box--it is a firewall with nothing running but ssh and ident. If someone tries to connect to my RPC port (i.e. NFS), I am a bit suspicious of their intentions. So this is unauthorized? But what about someone who gets hacked and my machine's address is used as a decoy (or in the case of ADSL with PPPoE, I'm now at the address that was used to attack them, but I'm a different person) and they run a port scan in an attempt to figure out if I am hostile. Does a port scan count as "unauthorized"?
The issue is pretty simple: the techniques used by crackers are legitimate techniques used by security-conscious sysadmins every day. Will clueless legislation start to put honest, hardworking sysadmins at risk?
My feeling is "yes". And that bothers me. Sigh.
-
Re:Can "cloaking" hide from nmap -O ?
The "cloaking" described in the article causes nmap to not find anything. Much less the type of machine. It firewalled all of the open ports on that interface from incoming packets.
-
Copyrighted Literature
I just checked Richard Stallman's article, with that horrible login message from the University of Chicago (?). It was practically identical to the one the FBI recommended to the guy who wrote the article on Root Prompt on being cracked.
There are a bunch of issues here. The whole point of copyright is that if you create something, you have a right to define how it gets used. You can require your readers and/or users to do something completely idiotic if you want, and they have the right to not use it.
The concept of time limited, updateable textbooks is actually interesting. My twenty year old college textbooks are on my shelves at work, where I use them for reference. An update feature would be really nice, especially if it is available to someone who is poking around my mouth with medical instruments. I would revolt at the $1200US annual price though.
Colleges have the option of not using these services if they are against the interests of the students.
-
OT: K5 alternatives (since it's down), &tc.
No, I'd just skip it, deselect the bestiality checkbox in my user preferences or think it was the final straw and move to kuro5hin.
Or Advogato or Bruce Perens's Technocrat.net or RootPrompt (of the Cracked! series), or even SmokeDot (though I don't frequent the last one). Slashdot alternatives are a dime a dozen, although I personally think Advogato is really neat, and that K5 was at or near its tipping point to gain equal stature with /. when it went down (which raises suspicions of /.-Andover.net-VALinux conspiracies in minds bogglier than mine). I have a paper I wrote about what makes /. popular, and what would make other sites replace /. Email me to get it.
Anyway, I don't believe Taco has an obligation to post what he thinks the /. readership is interested in. I think he should select what he's interested in and maybe then make a subselection of what he thinks would interest the readers. IMO the personality of the authors is what makes slashdot interesting and when you take that away it loses its charm.
Rob has a bit in the FAQ about that, as to why he won't do K5-type story moderation and submission. He basically says that he thinks /. is the way it is, and special, because of the unique, exclusive mix of editors and their interests, and he will only go so far in 'open-sourcing' the story posting process. I say, K5 was the first site to take OS philosophy all the way in a /.-style site, and the next one might be the "Slashdot-killer."
-
Re:Translation
Well yeah. I was kind of mad. However this was said after he had rm -rfed us and I thought that is what he was gonna continue doing if he got in again.
Noel
-
Re:Did you read the entire series?
You are right I should have verified the backups at least during the move.
I can only plead inexperience and that I was a part time volunteer with a real job and a family.
In hindsight I see many things I should have done differently.
Noel
-
Maybe this would interest you more
Secure deletion of data... Tells you how much data is kept in these supposedly volatile memory chips, and how to go about getting it out.
-
Cracked! Story at RootPrompt.org
There is a pretty good (true story) tale of a community network getting cracked here. Starts off with your typical denial of vulnerability and steps through rebuilding the system and even chatting with the cracker on IRC. Not as much tech info in this one, but a good read (most of RootPrompt is good reading :).
I noticed that the first article doesn't yet link to the (most recent) 6th one. Here's the link:
Cracked! Part 6: Talking with the Enemy -
Re:Understanding the kiddies
if you ever catch a kiddie on your system (logged in), don't just boot him off. 'talk' him. Make sure he knows that there are people behind these machines, and that they're not just machines to be played with.
Won't this give him/her the impression that you're respectful or afraid of his/her 'skillz'?, I would suggest that this just boosts the ego of these sad little f**ks and prompts them to pursue it more, but I wouldn't boot him off straight away either, find out how he got in, close that door and then boot and ignore.
BTW, this has been at Root Prompt for a while, it's part of a series of episodes that detail an actual crack from the SA point of view. Check it out. -
Best Reading in Months
Now, This Root Prompt article is the best read I've had since I can remember. Yes, it was mentioned above, but, re-iterating the link does no disservice to anyone who truly cares about security.
Take 10 and go read it.
Linux rocks!!! www.dedserius.com -
Re:rootprompt.org Is Down!
-
rootprompt.org Is Down!
Rootprompt.org is down. I got a server error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, noeld@pair.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
couldn't spawn child process: /usr/www/cgi-bin/php-cgiwrap
Noel, please fix! I was about to read the last installment! The suspense is unbearable.
-
Re:The cost of growing too fast
Now don't get me wrong, I think that article moderation should be debated from time to time, but this case is not a good example of it. This article is dated today on rootprompt itself and is posted at the top of kuro5hin today as well. It seems unlikely that all three sources would be mistaken.
-
Re:The cost of growing too fast
FYI The latest article in the series was posted today. Not weeks ago. I am glad you have enjoyed them :) Thanks
Noel
-
Sorry about That
For some reason, /. split my end link tag in the textbox and did weird things (wasn't my fault! honest!). The Watching and Waiting link is here. -
Points to Consider
The most important thing to remember about security is that if you don't keep up to date about threats, you won't know what can happen and how to prevent it. It is important for such a class to cover sources of information, and how to evaluate and act upon information.
It is also important to remember that new versions of software fix old holes and create new ones, and that admins should look out for fixes and new dangers when installing software.
rootprompt.org has a lot of security stuff. I find two serials particularly interesting Watching and Waiting, about what happens when a system gets cracked, and Know your Enemy, about how a typical cracker works.