Gone Paranoid: private IP to public IP!!

Iain Stevenson yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 04:25:00 2002


I suggest, others may add ...

- go through /etc/xinetd.conf and disable anything you don't need
- make sure tcpwrappers is correctly installed and that /etc/hosts.allow 
and /etc/hosts.deny are configured correctly
- don't run nfs unless you need it
- install gShield or some other iptables-based firewall script - this can 
block high port access amongst other things

If you get to the stage in future where the ports for http and ssh are 
externally accessible you may want to install the latest versions of apache 
and ssh too.  You would also need to make sure that sendmail/postfix/exim 
or whatever you use to send mail is configured so as not to relay mail from 
external systems.

HTH

  Iain


--On Saturday, June 29, 2002 3:53 am -0400 Juan Manuel Palacios 
<jmpalacios@mac.com> wrote:

>
>
> 	Hello my friends. Until a short while ago I used to lead a less stressful
> life and used to think of a certain luck I had when people discussed security
> issues on this list because it practically wasn't any of my concern. And
> you want to know why? Well, because I had practically all my flanks
> protected: my network users think I'm speaking Traditional Chinese when I
> talk about anything other than Photoshop and Illustrator and the outside
> world was kind of nonexistent to me because my ISP has kept me on a
> private IP basis. My connection to the internet was masqueraded at least
> three times (!!) if my suspicions are correct, so it was next to
> impossible to get to my network from the outside world. But now, oh
> now!!! things have changed a bit and the subject of this message already
> says why.
>
> 	Yesterday I realized that my ISP had changed me from a private address
> to a public address just like that, just out of the blue! It happened
> when I was checking the IP the ISP-provided Cisco router dynamically
> assigns to my YellowDog box (which NATs all my hosts), and saw that it
> went from a 10.x.x.x address to a 200.x.x.x one. I froze at the very
> instant! Of course I was happy when considering all the advantages this
> (unrequested) change would bring along (and at no extra cost), but also
> was terrified when I realized that my server is PERFECTLY VISIBLE on the
> internet now. Of course I did not delay one second to check the Cisco's
> own IP and confirm that it and my box's were perfectly routable and
> ping'able from the outside world (an off-site friend confirmed this for
> me also). At this point all the security issues I had previously
> overlooked fell on me like a heavy rock and I started searching for possible
> open holes that might jeopardize the integrity of my server. Thankfully,
> but up to a point regrettably, the Cisco router blocks all lower-numbered
> port incoming connections, so no dns, http, ftp, ssh, ... request can
> make it through, so I guess that many possible security holes are covered
> there. But I still considered the undesired possibility of any malicious
> hacker getting through and reaching my server.
>
> 	So my question here is, what security checks should I perform on my
> server to find all potential open holes? What security measures should I
> take? What are the obvious steps an intruder would take to find holes and
> how can I circumvent that? In short, what are the basic things I should
> do to calm down the paranoia-driven thought that I might be getting
> hacked right now?!
>
> 	I still don't know why my ISP made such a strange move. I'm still
> thinking that someone goofed and changed something that shouldn't have.
> So maybe my current situation will not last long and I will be moved to
> private IPs again shortly. But I really don't care about that too much
> right now. The change could be either permanent or temporary, I want to
> know that I am as safe and protected as possible against attacks from
> people who have nothing better to do.
>
> 	Thanks in advance for the help and insight on the subject. As I said
> before, all this has been something that I have overlooked quite
> irresponsibly until now. Unfortunately I'm going to have to learn the
> hard way now.
>
> 	Regards to all and thanks for your time. Sincerely,...
>
>
> 		Juan.
>
>
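
The first two checks from the reply above, as an added example that is not part of the original thread: it lists xinetd services whose stanza lacks "disable = yes" and tests whether hosts.deny carries a catch-all "ALL: ALL" rule. The function names and the sample files are constructed for illustration; files pulled in through xinetd's includedir have to be passed explicitly.

```shell
#!/bin/sh
# Added example: list xinetd services still enabled and check that
# tcp_wrappers denies by default. All sample data below is constructed.

# Print each xinetd service whose stanza lacks "disable = yes".
enabled_xinetd_services() {   # args: xinetd config files
    awk '
        { gsub(/[ \t]*=[ \t]*/, " = ") }               # tolerate "disable=yes"
        /^[ \t]*#/ { next }                            # skip comments
        $1 == "service" { name = $2; off = 0; next }   # stanza header
        name != "" && $1 == "disable" && $3 == "yes" { off = 1 }
        name != "" && $1 == "}" { if (!off) print name; name = "" }
    ' "$@" | sort -u
}

# Succeed only if hosts.deny has a catch-all "ALL: ALL" rule; without it,
# clients not matched in hosts.allow are let through.
has_default_deny() {          # arg: path to hosts.deny
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|:|$)' "$1"
}

# Constructed sample configuration. On a real host pass /etc/xinetd.conf,
# /etc/xinetd.d/* and /etc/hosts.deny instead.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/xinetd.conf" <<'EOF'
service telnet
{
    disable = no
    server  = /usr/sbin/in.telnetd
}
service ftp
{
    disable = yes
}
# no "disable" line at all: xinetd treats the service as enabled
service finger
{
    server = /usr/sbin/in.fingerd
}
EOF
printf '# constructed: no catch-all rule\nin.telnetd: .example.org\n' \
    > "$demo/hosts.deny"

echo "xinetd services still enabled:"
enabled_xinetd_services "$demo/xinetd.conf" | sed 's/^/  /'
has_default_deny "$demo/hosts.deny" ||
    echo "hosts.deny has no 'ALL: ALL' rule: unlisted clients are allowed"
```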