(Disclaimer: I teach the following courses) SANS has two 6-day courses on Linux and Unix; Linux System Administration (track 408) and Securing Linux and Unix (track 506). Both are hand-on courses that require laptops. The first focuses on system administration, the second on hardening and security, with a small amount of overlap. --Bill
In a related story, Linus Torvalds was forced to announce today that the source code for the Linux operating system was made public on the Internet.
"We're not sure how it was leaked. What's up there certainly looks legitimate, and we've had some reports that some of it even compiles. It appears it may have been leaked back in August, 1991, originally to an FTP server in Finland."
There are at least 3 servers that appear to have Linux source code available, although online discussions indicate that there may be many more. There is speculation that the code can e acquired through FTP, Gopher, HTTP, Bittorrent, Rsync, SMB, NFS, AFS, Freenet, and that people may even be _selling_ CS's and DVD's with the code.
SCO was quick to comment that "After they copied those 5 lines from one of our header files, the {deleted} deserved it. As soon as we find a person in our company that knows how to download a file, we'll be comparing every line of Linux to this stuff we bought from AT&T. Oh hey! We've already found something - they copied the word '#include' from us!" The phone interview was cut short as Mr. McBride was called away to launch a new lawsuit.
Law enforcement agencies have been contacted and are investigating, but the process is slow as the officers are heard to exclaim "Wow, it has a GUI?", "Damn, this is stable - I can't crash it at all!", "Whadda you mean, Office is included?", and "How do I turn off the grappling hook and use the rocket launcher?"
(I do realize that the post was supposed to be funny, but I suspect that people will wonder why there aren't more if the 13 get overloaded). This was tried a few years back; additional nameservers were put in place. Because the query for the root nameservers no longer fit in a udp packet, dns servers had to fall back to dns/tcp requests just to get the list of root nameservers, and we were reminded that a large number of firewalls block dns/tcp. With so many sites no longer able to make any dns lookups, the number was dropped back to 13 within a day.
For those that would like to try the dnstop package mentioned on the site, I have signed rpms available.
I have a similar script called rsync-backup. This one does automatic daily snapshots, works over ssh, and uses rsync and hardlinks (to save space), chroot, and an ssh forced command for security.
Eric Raymond's retrocumputing museum
on
Do You Remember Bob?
·
· Score: 3, Informative
For those interested in old languages...
"The Retrocomputing Museum is dedicated to programs that induce sensations that hover somewhere between nostalgia and nausea -- the freaks, jokes, and fossils of computing history. Our exhibits include many languages, some machine emulators, and a few games.
Most are living history -- environments that were once important, but are now merely antiques. A few never previously existed except as thought experiments or pranks. Most, we hope, convey the hacker spirit -- and if not that, then at least a hint of what life was like back when programmers were real men and sheep were nervous."
100% agreed; when Ramen came out it exploited vulnerabilities that had been patched 3 and 6 months before.
Just for reference, there are detection and removal tools for all of these worms at ISTS/Dartmouth College. GPL'd, source at www.stearns.org/detectlib. (Many thanks to ISTS and SANS for their contributions).
Re:How is this a Linux problem?
on
New Linux Worm
·
· Score: 1
It's simultaneously a Linux problem and a bind
problem. It uses binaries compiled for Linux/i386
that attack vulnerable versions of the bind nameserver.
Slashdot Mirror
(Disclaimer: I teach the following courses) SANS has two 6-day courses on Linux and Unix; Linux System Administration (track 408) and Securing Linux and Unix (track 506). Both are hand-on courses that require laptops. The first focuses on system administration, the second on hardening and security, with a small amount of overlap. --Bill
In a related story, Linus Torvalds was forced to announce today that the source code for the Linux operating system was made public on the Internet.
"We're not sure how it was leaked. What's up there certainly looks legitimate, and we've had some reports that some of it even compiles. It appears it may have been leaked back in August, 1991, originally to an FTP server in Finland."
There are at least 3 servers that appear to have Linux source code available, although online discussions indicate that there may be many more. There is speculation that the code can e acquired through FTP, Gopher, HTTP, Bittorrent, Rsync, SMB, NFS, AFS, Freenet, and that people may even be _selling_ CS's and DVD's with the code.
SCO was quick to comment that "After they copied those 5 lines from one of our header files, the {deleted} deserved it. As soon as we find a person in our company that knows how to download a file, we'll be comparing every line of Linux to this stuff we bought from AT&T. Oh hey! We've already found something - they copied the word '#include' from us!" The phone interview was cut short as Mr. McBride was called away to launch a new lawsuit.
Law enforcement agencies have been contacted and are investigating, but the process is slow as the officers are heard to exclaim "Wow, it has a GUI?", "Damn, this is stable - I can't crash it at all!", "Whadda you mean, Office is included?", and "How do I turn off the grappling hook and use the rocket launcher?"
I have an article on illegal activities under this law at: http://www.stearns.org/doc/networking-felony.curre nt.html.
(I do realize that the post was supposed to be funny, but I suspect that people will wonder why there aren't more if the 13 get overloaded). This was tried a few years back; additional nameservers were put in place. Because the query for the root nameservers no longer fit in a udp packet, dns servers had to fall back to dns/tcp requests just to get the list of root nameservers, and we were reminded that a large number of firewalls block dns/tcp. With so many sites no longer able to make any dns lookups, the number was dropped back to 13 within a day.
For those that would like to try the dnstop package mentioned on the site, I have signed rpms available.
Linux RPMs of the tool can be found at http://www.stearns.org/iip/. Also, there's a public server at wstearns.stearns.org:6667
I have a similar script called rsync-backup. This one does automatic daily snapshots, works over ssh, and uses rsync and hardlinks (to save space), chroot, and an ssh forced command for security.
For those interested in old languages...
"The Retrocomputing Museum is dedicated to programs that induce sensations that hover somewhere between nostalgia and nausea -- the freaks, jokes, and fossils of computing history. Our exhibits include many languages, some machine emulators, and a few games.
Most are living history -- environments that were once important, but are now merely antiques. A few never previously existed except as thought experiments or pranks. Most, we hope, convey the hacker spirit -- and if not that, then at least a hint of what life was like back when programmers were real men and sheep were nervous."
http://www.tuxedo.org/~esr/retro/
100% agreed; when Ramen came out it exploited vulnerabilities that had been patched 3 and 6 months before.
Just for reference, there are detection and removal tools for all of these worms at ISTS/Dartmouth College. GPL'd, source at www.stearns.org/detectlib. (Many thanks to ISTS and SANS for their contributions).
It's simultaneously a Linux problem and a bind
problem. It uses binaries compiled for Linux/i386
that attack vulnerable versions of the bind nameserver.