[Nottingham] Paranoid already

[Jon Masters]

On Sat, 16 Aug 2003, Michael Leuty wrote:

> Browsing through the archives of the LUG mailing list, I was a bit 
> worried by Johannes Kling's report that one of his customer's machines 
> was cracked, and I wondered to what extent a home user like me is at 
> risk of such things?

Someone at work had their home PC attacked by this MSBlaster Microsoft
Windows 2000+ RPC vulnerability just the other day but on the whole I do
not recall ever hearing of a GNU/Linux user at home having their box
r00ted unless they were running a business or crying out to be cracked.

> I'm running Mandrake 9.1 and have applied all the security updates
<snip>

Which is fair reasonable. Mandrake also add paranoia levels to their
kernels so you can optionally chose a secure setting to turn these on.

For comparison I run GrSecurity on a Debian stable box at home running my
ADSL and IPTables Firewall. I have snort, logcheck, etc. etc.

> My internet connection is via a little black box called
> an "IX66 Internet Gate"

These are quite cute. Intertex boxes unless there is another company with
a product named thusly. I have used one for quite a long time in another
context and find it pretty secure - although turning on full logging used
to reduce these to a crawl. Probably fixed now though.

> which contains both an ADSL modem and a firewall.

I have not seen an vulnerabilities in this product and it seems reasonably
well configured by default.

> Is there any more I could reasonably do, and how much risk might I be 
> running?

>From time to time run "nmap localhost" and "nmap -sU localhost" as root to
check for running services. Also check for vulnerabilities reported in
your kernel version which might be remotely exploitable - if you do not
give out accounts on your box and do not accept incoming connections then
the likelihood of being cracked reduces from extremely unlikely to so
unlikely that you would be more likely to have Bill Gates over for tea.

Jon.