Big Bad Beowulfs Again

Gerry Creager N5JXS gerry at cs.tamu.edu
Sun May 14 12:36:27 PDT 2000


dwight wrote:
> 
> Gerry Creager N5JXS wrote:
> 
> >
> >
> > We still get hit, but we take a proactive role in security here at
> > TAMU.  (That's not an invitation, OK?)... When I got hit by a wu-ftpd
> > buffer overflow intrusion about a year ago, the penetration was thru 2
> > @HOME.com machines that had absolutely nothing done for hardening
> > following installation of stock RedHat.  This is a valid hole.  And I'll
> > concede that enough University environments don't attempt to tighten up
> > their systems to make .edu a real potential vulnerability as well.
> >
> 
> IMHO anyone who uses wu-ftpd shouldn't complain about being hit;
> it has had well-known security problems in the past, and I don't believe
> anyone's ever signed off on a proper security audit of it.

wu-ftp is an easy, and distributed, install.  It's not the most secure
in the world by several places.  Patch after patch comes out.  That
said, there are ways to tighten up your system even with wu-ftp so that
a reasonable audit will pass.  And there are times when a reasonable
audit isn't good enough: I'd never contemplate using it for our
department servers, for example.
 
> You raise an important point though; and while it's not directly related
> to Beowulfs, it does pertain to many on this list, so I'll take the liberty
> of addressing it here.
> 
> Many people are under the wrong impression about DHCP accounts.
> Their reasoning goes that if their IP address is dynamic, then they are
> probably safe from attacks, as who'd be looking to attack their machine?
> 
> This is absolutely wrong. What they don't realize is that they are a PRIME
> target for attacks.
> 
> The reason being is that the majority of such users believe that their
> "anonymity" helps keep them safe (or they are completely clueless about
> these matters), and so they don't bother with paying attention to security.
> Hence they are an easy target;  and if an attacker is lucky, perhaps the LEOs
> will pin the blame on the poor fool who was simply surfing the web.

Security by obscurity is rapidly becoming a very bad option in today's
world.
 
> I have actually seen penetration attempts myself on a DHCP account; and
> I have other friends in the security biz who have also. And I'm speaking
> of the common cable, dial-up, etc., standard ISP accounts that people use.

I've several friends who see port scans if they're connected (using
DHCP) for more than 45-60 minutes.  Most have implemented one or another
NAT-plus-firewall scheme to add a layer of sophistication between the
modem and their working system.
 
> Most of the amateurs still try to roll the static IPs; but the really talented ones
> have added the easier pickings to their lists.

Indeed.  Very true.

Gerry
--
Gerry Creager		gerry at cs.tamu.edu, gerry at page4.cs.tamu.edu
Network Engineering			|Geodesy
Computer Science Department		|Satellite Geodesy and Control
Texas A&M University			|
979.458.4020



