[XCSSA] Security advice

tweeks tweeks_at!theweeks.0rg
Wed, 30 Jan 2002 22:54:54 -0600


firestorm_v1 wrote:
> 
> I need some security advice. I have a NAT-firewalling router running
> RedHat 7.2. Using ipchains and the (in)famous PMfirewall script I have
> blocked access to all but two outside ports, SSH and HTTP (port 8080)
> 
> I have been advised that SSH protocol 1 is not secure, so I am running
> SSH2 only. I used the "UseProtocol 2" statement in /etc/ssh/sshd_config

That's good...  don't do a "UseProtocol 2,1" as many suggest.


 
> I have been advised that using IPchains is vulnerable to outside attacks.
> Is this true?  I know that SSH and HTTP are vulnerable, but how can you
> hack a port that doesn't respond in the first place?


Well.. I don't know about a vulnerability in the stack or ipchains
kern.mod... didn't see anything on CERT.  But depending on how ipchains
is implemented, you can self inflict a DoS attack out of a simple
stealth SYN attack (I've seen this happen).

For example, if someone pours SYNs at your box (to try to slow it down
or DoS it) or hits random ports, and you have your ipchains set to
respond too tightly (to block out various types of unwanted incoming
traffic); then by closing off random (stealth) IPs, you slowly mask out
large segments of the internet from getting to your box.

 
> I'm open to suggestions on what I need to make sure that this router
> stays (more or less) secure. 

Unless someone else knows something more to watch out for with ipchains
configs, that's all that comes to mind for me.


Tweeks


> I know that just having a public IP address
> is bad enough to get hacked but I would like more info on this matter.
> 
> Thanks!
> 
> --
> FIRESTORM_v1
> "Partnership for an idiot-free America"
> http://www.theratshack.net
> http://lanparty.theratshack.net (One >NEW< lan party)
> 
> _______________________________________________
> XCSSA mailing list
> XCSSA@xcssa.org
> http://xcssa.org/mailman/listinfo/xcssa