Linux Users' Group of Davis (LUGOD)
Page last updated:
2008 Aug 16 12:56

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Verify Ubuntu files

Gandalf Parker wrote:
> On the other hand, most attacks aren't real hackers. Real hackers are rare. 
> Most attacks are script-kiddies, and some are crackers, but few are 
> hackers.

I'd disagree with that one; it definitely was true.  But increasingly the 
quality of attacks is improving.  While the average skill of the attacker 
hasn't increased (still lots of script kiddies), the better attackers are 
getting more organized, and leveraging various pieces of p2p technology to 
make resilient, hard-to-detect networks that can attack 100M machines in
just a few minutes.

So I'd say that most attacks these days don't involve humans, but are a direct 
result of someone being pretty smart.

> Hackers are knowledgeable and experimentally minded. They do not 
> use standard tools and therefore standard tools tend to not work as well 
> for them. Also a surprising number of hackers are not malicious, just 
> irritating.

Again, years ago I'd agree; these days the non-malicious attacker is in the 
small minority.

> Script-kiddies are the vast majority and most likely to hit a home system. 
> They are clueless. They have found an attack tool online and are playing 
> with it.

Again, years ago I'd agree.  Be careful in that being the easiest to find does 
not mean they are the most popular.  In fact I've seen obvious signs of script 
kiddies to cover up the signs of a reboot when in fact a much more 
sophisticated attack lay underneath.

> Once you start watching the security of your system you might feel panic 
> at seeing all the attacks you are getting. But don't be concerned. You are 
> getting them all along. Most of them are brute force such as trying huge 
> files of possible logins with huge files of common passwords. A standard 
> system and good password habits will cover you there. Packages such as 
> ChkRootKit and TripWire will help you sleep at night (of course they can 
> be bypassed but think of it like having a great door lock which is 
> adequate even though it wouldn't keep out an expert burglar)

Tripwire run in a live environment is useless; step #1 for script kiddies is
to attack the kernel.  So even if it helps you sleep at night, it's not 
actually helping.

BTW, one thing I forgot to mention: if you don't need to be network visible, 
don't be.  Get a $50 router running ip masq.  Although my home linux box is 
network visible and I don't worry about it at all.  Sure, if there's a remote 
root exploit for sshd I'd probably just reinstall from scratch; fortunately 
those are pretty rare.

> Gandalf  Parker