| 1 |
On 7/5/06, Alexander Skwar <listen@×××××××××××××××.name> wrote: |
| 2 |
> Lord Sauron wrote: |
| 3 |
> > Sorry to be a bit elementary, but if you're not colocating your box, |
| 4 |
> > and you don't often use SSH, you might want to consider disabling |
| 5 |
> > remote administrative things. |
| 6 |
> |
| 7 |
> Of course - disable everything, that you don't need. ESPECIALLY, if it |
| 8 |
> is reachable over the network. |
| 9 |
> |
| 10 |
> > All your Windoze "friend" will try to do is exploit MySQL to pop a DOS |
| 11 |
> > shell into your system. |
| 12 |
> |
| 13 |
> How do you know? |
| 14 |
|
| 15 |
I read a hacker article. It was terribly interesting, but nothing I'd |
| 16 |
actually want to do. I don't think hacking is a worthwhile use of my |
| 17 |
time, however, since I do aspire to host my own server and website, I |
| 18 |
decided it would be good to bone up on attack methods a little bit. |
| 19 |
|
| 20 |
> > If you can't disable SSH for some reason, then limit MySQL access to |
| 21 |
> > localhost only. |
| 22 |
> |
| 23 |
> I'd even suggest to make MySQL "skip-networking". If that's set |
| 24 |
> in my.cnf, MySQL won't be available via TCP over a network and |
| 25 |
> can only be reached over a Unix socket. Maybe that's what you |
| 26 |
> meant, but I just fealt like adding that :) |
| 27 |
|
| 28 |
I'm no pro, but that works. I don't have a lot of experience, so I |
| 29 |
oftentimes just end up speculating on a bunch of educated guesses. |
| 30 |
|
| 31 |
> > If you can, what I'd do is try and get the guy's MAC Address or |
| 32 |
> > something and then totally block that off. |
| 33 |
> |
| 34 |
> How should *THAT* help? In 99.9999999999999999999999999999999% of |
| 35 |
> the times, the attacker won't be on the same subnet, and thus the |
| 36 |
> MAC isn't available. |
| 37 |
|
| 38 |
Couldn't hurt. You never know what you'll find when you tear apart |
| 39 |
some networking packets. I was so alarmed at what I found that I quit |
| 40 |
doing it altogether. Ignorance is bliss, I decided. No, I won't say |
| 41 |
what I found for reasons of protecting the egos of innocent people. |
| 42 |
|
| 43 |
> You can try to block me, my MAC will be either 00:12:17:D4:21:D4 |
| 44 |
> or 00:12:17:D4:21:D2. Just tell me, where you blocked me using |
| 45 |
> my MAC and I'll see if I can still access. |
| 46 |
|
| 47 |
I'll try it someday when I can figure out enough about linux |
| 48 |
networking to do something like that. |
| 49 |
|
| 50 |
-- |
| 51 |
========== GCv3.12 ========== |
| 52 |
GCS d-(++) s+: a? C++ UL+>++++ P+ |
| 53 |
L++ E--- W+(+++) N++ o? K? w--- O? M+ |
| 54 |
V? PS- PE+ Y-(--) PGP- t+++ 5? X R tv-- b+ |
| 55 |
DI+++ D+ G e* h- !r !y |
| 56 |
========= END GCv3.12 ======== |
| 57 |
-- |
| 58 |
gentoo-user@g.o mailing list |
Archives