Re: Fork bombing a Linux machine as a non-root user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 19 Mar 2005 05:03:38 -0500, M.Rudra <dr.rudra@xxxxxxxxx> wrote:
> On Fri, 18 Mar 2005 23:32:32 -0600, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
[snip]
> > If you have something important, back it up to removable media
> > (CD/DVD/tape/USB hard drive, etc.) and keep it offline.  You are
> > more likely to have a hardware disk problem or make an error
> > yourself that damages the files than to have a security related
> > problem.  Good backups will save your data either way.
> 
> At our hospital we have a proper system with Linux servers and
> backups, staff use a windows-like software custom built to our
> requirements.
> Its the home connection that was attacked twice online so I want to
> install software to secure my home machine.
> 
> This Iptable faq mentions that 2 ethernet cards are required to setup
> a fire wall.
> http://newbiedoc.sourceforge.net/networking/homegateway.html
> 
> Is there an alternative to iptables as i dont have 2 cards and how do
> i get my kernel version? if my kernel is below 2.4 version is there
> any other firewall option on Fedora.
> i tried a command with this result " bash: modprobe: command not found
> " ... actually most commands as a user give above result.
> thanks for your time.
> MR

Hi Dr. Rudra,
You are confusing a firewall box with a software firewall running on
the client machine.  As others have pointed out, you can run IPtables
with only 1 NIC on your PC and it will do what you want.  In fact,
unless you have told it not to run, it is running.
I would highly suggest buying a hardware NAT router.  You should be
able to get one very inexpensively, the non-wireless ones are very
cheap now.  Of course, to use this, you must use broadband and connect
to the internet through your network.  That is, if you have a
cable/DSL modem connected to your computer with an ethernet cable. 
The NAT router should protect you very well, even Windows boxes. 
Granted, it is hard to get through, but not impossible.  It's another
line of defense, and a very effective one.  You shouldn't be afraid to
leave the cable plugged in with a router in the way : ).
If you have FC2 or 3, then you have a 2.6 kernel.  IPtables is the
firewall you want to use.
You are getting the "command not found" message, because the commands
are not in the path of a user.  Use the full path, like
/sbin/modprobe, and some may work.  If you use "su -" to become root,
then all the commands will work without the full path.
If you are not using it, I would suggest that you disable sshd.  It
allows you to login remotely (read over the internet).  As long as you
keep your username/password combinations safe and have strong
passwords (not a single word, fairly long 8 or more characters or
so,uses a mixture of case, numbers, and symbols), you should be fine. 
But I see a sickening number of attempts to connect to the box I have
exposed via ssh.  I have user access limited to one user (with root
access turned off) and have a nice long mixed password, so it is not a
problem.  I haven't ever seen anyone try to use my username yet, so I
think it is safe.
It's always good to have some level of paranoia, but after a certain
point, you are going to be fairly hard to get into.  Most of the game
is to be harder to crack than the next guy.

Jonathan


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux