| 1 |
Lord Sauron wrote: |
| 2 |
> Sorry to be a bit elementary, but if you're not colocating your box, |
| 3 |
> and you don't often use SSH, you might want to consider disabling |
| 4 |
> remote administrative things. |
| 5 |
|
| 6 |
Of course - disable everything, that you don't need. ESPECIALLY, if it |
| 7 |
is reachable over the network. |
| 8 |
|
| 9 |
> All your Windoze "friend" will try to do is exploit MySQL to pop a DOS |
| 10 |
> shell into your system. |
| 11 |
|
| 12 |
How do you know? |
| 13 |
|
| 14 |
> If you can't disable SSH for some reason, then limit MySQL access to |
| 15 |
> localhost only. |
| 16 |
|
| 17 |
I'd even suggest to make MySQL "skip-networking". If that's set |
| 18 |
in my.cnf, MySQL won't be available via TCP over a network and |
| 19 |
can only be reached over a Unix socket. Maybe that's what you |
| 20 |
meant, but I just fealt like adding that :) |
| 21 |
|
| 22 |
> If you can, what I'd do is try and get the guy's MAC Address or |
| 23 |
> something and then totally block that off. |
| 24 |
|
| 25 |
How should *THAT* help? In 99.9999999999999999999999999999999% of |
| 26 |
the times, the attacker won't be on the same subnet, and thus the |
| 27 |
MAC isn't available. |
| 28 |
|
| 29 |
You can try to block me, my MAC will be either 00:12:17:D4:21:D4 |
| 30 |
or 00:12:17:D4:21:D2. Just tell me, where you blocked me using |
| 31 |
my MAC and I'll see if I can still access. |
| 32 |
|
| 33 |
Alexander Skwar |
| 34 |
-- |
| 35 |
"But this one goes to eleven." |
| 36 |
-- Nigel Tufnel |
| 37 |
-- |
| 38 |
gentoo-user@g.o mailing list |
Archives