I set up a Slackware box as a gateway and firewall recently.
Some guy who apparently works for a security company claims to have 'done a
security probe on our ip' and found that we had a telnet and chargen exploit
amongst others.
The only thing is I'm not running telnet nor chargen on the Slackware box...
and the only port you can actually initiate a connection on from outside our
internal IP range (i.e. from the internet) is port 25... which gets
forwarded to a Windows NT 4 server.
Now either this guy is lying about telnet, chargen and others or he has found
a way to exploit Exchange Server such that it provides access to say a
buffer overflow on the Windows box and from there, say, running a telnet
session on the Windows box, he has managed to find an exploit on the Slack
box.... or he has found a way to overcome the fact that I am dropping
connections by default on all ports on the firewall bar port 25 which gets
forwarded <something I'm sure the kernel hackers might be quite interested
in>.
The thing is that he is living with one of the other developers I work with
and I have been asked to reveal the root password for my Slackware box.
<Advice appreciated>
Bod