Gone Paranoid: private IP to public IP!!

Juan Manuel Palacios yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 01:51:01 2002


	Hello my friends. Until a short while ago I used to lead a less stressful 
life and used to think of a certain luck I had when people discussed 
security issues on this list, because it practically wasn't any of my 
concern. And you want to know why? Well, because I had practically all 
my flanks protected: my network users think I'm speaking Traditional 
Chinese when I talk about anything other than Photoshop and Illustrator, 
and the outside world was kind of nonexistent to me because my ISP had 
kept me on a private IP basis. My connection to the internet was 
masqueraded at least three times (!!) if my suspicions are correct, so 
it was next to impossible to get to my network from the outside world. 
But now, oh now!!! things have changed a bit and the subject of this 
message already says why.

	Yesterday I realized that my ISP had changed me from a private 
address to a public address just like that, just out of the blue! It 
happened when I was checking the IP that the ISP-provided Cisco router 
dynamically assigns to my YellowDog box (which NATs all my hosts), and 
saw that it went from a 10.x.x.x address to a 200.x.x.x one. I froze at 
that very instant! Of course I was happy when considering all the 
advantages this (unrequested) change would bring along (and at no extra 
cost), but I was also terrified when I realized that my server is 
PERFECTLY VISIBLE on the internet now. Of course I did not delay one 
second to check the Cisco's own IP and confirm that it and my box's were 
perfectly routable and pingable from the outside world (and an off-site 
friend confirmed this for me also). At this point all the security 
issues I had previously overlooked fell on me like a heavy rock, and I 
started searching for possible open holes that might jeopardize the 
integrity of my server. Thankfully, but up to a point regrettably, the 
Cisco router blocks all incoming connections to lower-numbered ports, so no 
dns, http, ftp, ssh, ... request can make it through, so I guess that 
many possible security holes are covered there. But I still considered 
the undesired possibility of some malicious hacker getting through and 
reaching my server.

	So my question here is, what security checks should I perform on my 
server to find all potential open holes? What security measures should I 
take? What are the obvious steps an intruder would take to find holes 
and how can I circumvent that? In short, what are the basic things I 
should do to calm down the paranoia-driven thought that I might be 
getting hacked right now?!

	I still don't know why my ISP made such a strange move. I'm still 
thinking that someone goofed and changed something that shouldn't 
have been. So maybe my current situation will not last long and I will be 
moved to private IPs again shortly. But I really don't care about that 
too much right now. Whether the change is permanent or temporary, I 
want to know that I am as safe and protected as possible against attacks 
from people who have nothing better to do.

	Thanks in advance for the help and insight on the subject. As I 
said before, all this has been something that I have overlooked quite 
irresponsibly until now. Unfortunately I'm going to have to learn the 
hard way now.

	Regards to all and thanks for your time. Sincerely,...


		Juan.
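One concrete first check for the situation described in the post, as an added example that is not part of the original message or of any reply: the router blocks inbound connections to low-numbered ports, so the listeners that actually matter are the ones on ports above 1023 bound to all interfaces (0.0.0.0). The script below parses `netstat -tuln`-style output (a constructed sample is embedded; on the real box you would pipe the live command in) and reports only those, skipping loopback and LAN-only bindings. The RFC 1918 address ranges and the 1023 cut-off are assumptions taken from the post's description of the setup, not values the router was confirmed to use.

```shell
#!/bin/sh
# Added example (not the original poster's code): list listeners on a NAT box
# that remain reachable from the public side when the upstream router drops
# inbound connections to ports <= 1023 (assumption taken from the post).

# Constructed sample of "netstat -tuln" output for a box like the one described.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:3128        0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:2049            0.0.0.0:*'

# exposed_listeners NETSTAT_TEXT BLOCKED_MAX
# Prints "proto port" for every socket that is bound to a non-loopback,
# non-LAN address and whose port is above BLOCKED_MAX (the router's cut-off).
# Listeners on 127.0.0.1 and on RFC 1918 addresses are skipped because the
# outside world cannot reach them directly; everything else is reported.
exposed_listeners() {
    printf '%s\n' "$1" | awk -v blocked_max="$2" '
        $1 ~ /^(tcp|udp)/ && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1) + 0
            if (addr ~ /^(127\.|::1$)/) next            # loopback only
            if (addr ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next  # LAN-side address
            if (port <= blocked_max) next               # covered by the router block
            print $1, port
        }'
}

# Stand-alone run: on the real box replace SAMPLE_NETSTAT with "$(netstat -tuln)".
exposed_listeners "$SAMPLE_NETSTAT" 1023
```

In the sample, sshd on 22 and httpd on 80 are hidden by the router, sendmail is loopback-only and squid is LAN-only, so the report is the X server on tcp/6000 and NFS on udp/2049: exactly the services worth turning off or firewalling on the box itself rather than trusting the ISP's router to stay configured that way.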