Gone Paranoid: private IP to public IP!!
Juan Manuel Palacios
yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 01:51:01 2002
Hello my friends. Until a short while ago I used to lead a less stressful
life and used to think of a certain luck I had when people discussed
security issues on this list because it practically wasn't any of my
concern. And you want to know why? Well, because I had practically all
my flanks protected: my network users think I'm speaking Traditional
Chinese when I talk about anything other than Photoshop and Illustrator,
and the outside world was kind of nonexistent to me because my ISP has
kept me on a private IP basis. My connection to the internet was
masqueraded at least three times (!!) if my suspicions are correct, so
it was next to impossible to get to my network from the outside world.
But now, oh now!!! Things have changed a bit and the subject of this
message already says why.
Yesterday I realized that my ISP had changed me from a private
address to a public address just like that, just out of the blue! It
happened when I was checking the IP the ISP-provided Cisco router
dynamically assigns to my YellowDog box (which NATs all my hosts), and
saw that it went from a 10.x.x.x address to a 200.x.x.x one. I froze at
that very instant! Of course I was happy when considering all the
advantages this (unrequested) change would bring along (and at no extra
cost), but I was also terrified when I realized that my server is
PERFECTLY VISIBLE on the internet now. Of course I did not delay one
second to check the Cisco's own IP and confirm that it and my box's were
perfectly routable and ping'able from the outside world (an off-site
friend confirmed this for me also). At this point all the security
issues I had previously overlooked fell on me like a heavy rock and I
started searching for possible open holes that might jeopardize the
integrity of my server. Thankfully, but up to a point regrettably, the
Cisco router blocks all lower-numbered port incoming connections, so no
DNS, HTTP, FTP, SSH, ... request can make it through, so I guess that
many possible security holes are covered there. But I still considered
the undesired possibility of any malicious hacker getting through and
reaching my server.
So my question here is, what security checks should I perform on my
server to find all potential open holes? What security measures should I
take? What are the obvious steps an intruder would take to find holes
and how can I circumvent that? In short, what are the basic things I
should do to calm down the paranoia-driven thought that I might be
getting hacked right now?!
I still don't know why my ISP made such a strange move. I'm still
thinking that someone goofed and changed something that shouldn't
have been. So maybe my current situation will not last long and I will be
moved to private IPs again shortly. But I really don't care about that
too much right now. The change could be either permanent or temporary; I
want to know that I am as safe and protected as possible against attacks
from people who have nothing better to do.
Thanks in advance for the help and insight on the subject. As I
said before, all this has been something that I have overlooked quite
irresponsibly until now. Unfortunately I'm going to have to learn the
hard way now.
Regards to all and thanks for your time. Sincerely,...
Juan.
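As an added example (not part of Juan's message or of any reply on the list), a first check for the situation described above: list the TCP sockets on the Linux NAT box that are listening on a non-loopback address and on a port the router does not block, since those are exactly what the public address now exposes. It parses the kernel's /proc/net/tcp table; the sample table it runs against is constructed, not a real capture, and the 1024 cut-off assumes the router blocks precisely the ports below it.

```shell
#!/bin/sh
# Report listening IPv4 TCP sockets that are reachable from outside:
# bound to a non-loopback address and on a port the upstream router
# does not block (assumption: everything below 1024 is blocked).
# Usage: exposed_listeners [FILE|-] [LOWEST_UNBLOCKED_PORT]
#   FILE defaults to /proc/net/tcp; "-" reads the table from stdin.
exposed_listeners() {
    file=${1:-/proc/net/tcp}
    min_port=${2:-1024}
    awk -v min_port="$min_port" '
    function hex2dec(h,    i, d) {
        d = 0
        for (i = 1; i <= length(h); i++)
            d = d * 16 + index("0123456789ABCDEF", toupper(substr(h, i, 1))) - 1
        return d
    }
    # /proc/net/tcp stores IPv4 addresses as little-endian hex,
    # so the last byte pair is the first octet.
    function hex2ip(h,    ip, i) {
        ip = hex2dec(substr(h, 7, 2))
        for (i = 5; i >= 1; i -= 2) ip = ip "." hex2dec(substr(h, i, 2))
        return ip
    }
    NR > 1 && $4 == "0A" {          # state 0A = LISTEN
        split($2, a, ":")
        ip = hex2ip(a[1]); port = hex2dec(a[2])
        if (substr(ip, 1, 4) != "127." && port >= min_port)
            print ip ":" port
    }' "$file"
}

# Constructed sample table (not a real capture): sshd on 22 (blocked by
# the router), a loopback-only service on 631, a forgotten service on
# 8080 bound to all interfaces, and one established connection.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A000001:1F90 C8000001:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1'

# Demo against the sample; on the live box run: exposed_listeners
printf '%s\n' "$SAMPLE_TCP" | exposed_listeners -     # prints 0.0.0.0:8080
```

Anything the script reports that you do not recognise is a service to shut down or bind to 127.0.0.1; pass a lower cut-off as the second argument if the router's filtering changes.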