Peeping Trojan

[philip]

Yes, be careful and have your protection up. I remember some quotes that you can have as much protection as you want but that it's not going to help if you're really uncareful yourself. I also read it wasn't a very good virus. BTW it doesn't really surprise me, I recently heard of a program that allows you to see someone else desktop completely with runnning programs and this is only a little step further controlling some hardware.

[Bozos of Bones]

Remote Desktop is a program heavily exploited, and incorporated in Win XP. That's the telnet of the today, altho telnet is still the best. There's a bunch more, like connection simulators that make you an outside user of a computer, and you need to watch out for al of them. Luckily, most of them(hackers) can't use those through firewalls, not to mention proxys. I'm currently waiting for a friend of mine to give me a proxy simulator to test, he says it's great. Expect update.

[philip]

Speaking of telnet I saw it was still on my computer. Must be in some base package for linux then. Goodbye

Quote:

debian:~# apt-get remove telnet Reading Package Lists... Done Building Dependency Tree... Done The following packages will be REMOVED: telnet 0 upgraded, 0 newly installed, 1 to remove and 4 not upgraded. Need to get 0B of archives. After unpacking 188kB disk space will be freed. Do you want to continue? [Y/n] y (Reading database ... 29664 files and directories currently installed.) Removing telnet ... debian:~#

[Bozos of Bones]

Erm... you probably shouldn't have done that, because Linux uses telnet(telnet is on all OSs) in different ways, one of them could be(depending on settings) file transfer on LAN, and P2P network. I don't know if you do any of that, but try and read up on what it's actually for before killing it.

[Bungleau]

Telnet is actually quite useful... that's one of the things that can let you access one machine from another. I use it frequently at work, and here in the home office when I want to do something on my RedHat box, but don't want to walk all the way over there to log in. I'd put it back... the security problems come in when someone can telnet in and guess an account and password. Make sure those are secure first...

[philip]

Quote:

Originally posted by Bozos of Bones: Erm... you probably shouldn't have done that, because Linux uses telnet(telnet is on all OSs) in different ways, one of them could be(depending on settings) file transfer on LAN, and P2P network. I don't know if you do any of that, but try and read up on what it's actually for before killing it.

Well I hear there are a lot of security issues with it and at the moment I'm not doing anything you mentioned. I knew what it did. Once I do file transfer on lan either samba says I need it or it won't and I just use samba. It's only 800kb extracted so the download is very quick if I happen to need it. And it's just a little security and making my hd clean to not have anything on it I don't know how to properly secure or I don't use at all. There were no dependencies so I'm ok for now [img]smile.gif[/img]

Quote:

Originally posted by Bungleau: Telnet is actually quite useful... that's one of the things that can let you access one machine from another. I use it frequently at work, and here in the home office when I want to do something on my RedHat box, but don't want to walk all the way over there to log in. I'd put it back... the security problems come in when someone can telnet in and guess an account and password. Make sure those are secure first...

Does it allow connecting to windows boxes as well? Passwords are basic secure now I think, I haven't done anything particular with it except what I got in the installation progress. edit: not easy to guess though

[ 08-26-2004, 11:40 AM: Message edited by: philip ]

[Bungleau]

You can telnet to a windows box if there's a telnet server on that box. Windows doesn't provide one by default until... XP, perhaps; at older versions, I have customers who have used third party telnet packages like Georgia Softworks to enable telnet onto Windows servers.

Removing telnet feels a whole lot like saying I'm going to remove notepad to prevent people from editing files. There are other ways that they can do it, and frankly, all it does it make my own life a little more difficult. You still have rlogin, ssh, rsh, and at least a couple of other methods for getting into that Linux box that are available. All you've done is made sure that anyone who gets in will have to be a sophisticated hacker, not a simple one. IOW, common hoodlums are not allowed; you must be mafioso or yakuza to get in.

That being said, what are you trying to protect your Linux box from? If it's on your LAN, and your LAN is properly secured, you're protecting yourself from... yourself. If it's exposed to the internet, then there are many more important things besides telnet that you need to worry about.

BTW, Samba can leave you with an even bigger hole than telnet. If you're not requiring passwords for the shares, then you're even worse off.

[philip]

Quote:

Originally posted by Bungleau: You can telnet to a windows box if there's a telnet server on that box. Windows doesn't provide one by default until... XP, perhaps; at older versions, I have customers who have used third party telnet packages like Georgia Softworks to enable telnet onto Windows servers. Removing telnet feels a whole lot like saying I'm going to remove notepad to prevent people from editing files. There are other ways that they can do it, and frankly, all it does it make my own life a little more difficult. You still have rlogin, ssh, rsh, and at least a couple of other methods for getting into that Linux box that are available. All you've done is made sure that anyone who gets in will have to be a sophisticated hacker, not a simple one. IOW, common hoodlums are not allowed; you must be mafioso or yakuza to get in.

I'm not able to use telnet then anyway. Apart from security it feels cleaner, like in windows you've got a whole lot of stuff I never use and can't get rid off. But I like the idea that if I get hacked at least someone who knows what he's doing comes in.

Quote:

That being said, what are you trying to protect your Linux box from? If it's on your LAN, and your LAN is properly secured, you're protecting yourself from... yourself. If it's exposed to the internet, then there are many more important things besides telnet that you need to worry about.

It's a wireless LAN and since I have 1 little brother and 2 little sisters who can't properly handle security ("if any of those message boxes comes up I just click close", yes that's a firewall). I still have to add WEP (which I hear is broken anyway) but I had some trouble with that cause after I added the WEP I couldn't connect anymore and it wouldn't go away till I removed WEP, And yes I was using the right key. It's on the internet but I haven't got real time to look into configuring security as I like it

Quote:

BTW, Samba can leave you with an even bigger hole than telnet. If you're not requiring passwords for the shares, then you're even worse off.

I don't share files on my computer But thanks for the warning! Maybe I can get away without using it now I have my own backup partitions and hds. I just use it to get stuff from the other computer. I haven't done anything for security on my linux box yet but I was about to start on that as school starts so I can't break my install anymore cause that leaves me without computer for a couple of hours.

[ 08-26-2004, 03:28 PM: Message edited by: philip ]

[Bungleau]

The WLAN is separate from your Linux box. IOW, removing telnet does nothing to make your Linux box safer; like I said, there are at least three more ways to connect in that are similar to telnet. If it makes you feel good to take it out, go ahead; personally, I'd leave it in because I consider it to be such a basic building block of Unix that something else may break if it's not there.

As for WEP, it should work just fine. Sure, it can be cracked, but so can anything, given the appropriate time and resources. You're just trying to make it easier for honest people to stay honest. If you have problems setting it up, drop me a line. I highly recommend it [img]smile.gif[/img]

As for Samba, you do know that it is sharing files on your computer, right? I mean, that's what Samba does -- makes it possible for one computer to see the resources (files, printers, etc.) of another computer. It's not like Kazaa or other peer-to-peer sharing services, but it's sharing, pure and simple. And just like in Windows, you can share something wide open (where anyone can see it), or you can require a user ID and password to be able to access it. And you can set up specific rights (read only, full access) for that user.

If I were you, I'd do three things:

1. Set up the accounts for those siblings of yours as non-poweruser accounts. IOW, they don't get administrator rights or anything. That way, they can't really screw anything up. Dulecki's law of system access applies: You get access to what you can fix, should you happen to break it.

2. Focus back on your WLAN setup and configuration to get it in shape. That's your first line of defense.

3. Put back telnet and just protect your entire network. Hopefully, you're not doing any work as root on your Linux box, or as Administrator on the Windows boxes. Make sure you require passwords on all profiles on all accounts... and something more, I think... but I've got to run up for dinner now [img]smile.gif[/img]

Hasta later with more thoughts...

[philip]

Quote:

Originally posted by Bungleau: The WLAN is separate from your Linux box. IOW, removing telnet does nothing to make your Linux box safer;

I was just securing my box cause the wlan isn't very secure [img]smile.gif[/img] Still overkill though but it looks cleaner now at least

Quote:

As for WEP, it should work just fine. Sure, it can be cracked, but so can anything, given the appropriate time and resources. You're just trying to make it easier for honest people to stay honest. If you have problems setting it up, drop me a line. I highly recommend it [img]smile.gif[/img]

I'll try today, I've scheduled today to look at basic security and checking my dad's computer as well.

Quote:

As for Samba, you do know that it is sharing files on your computer, right? I mean, that's what Samba does -- makes it possible for one computer to see the resources (files, printers, etc.) of another computer. It's not like Kazaa or other peer-to-peer sharing services, but it's sharing, pure and simple. And just like in Windows, you can share something wide open (where anyone can see it), or you can require a user ID and password to be able to access it. And you can set up specific rights (read only, full access) for that user.

Good thing it's not on my computer then now [img]smile.gif[/img] Still got to learn a lot but it's easier with less stuff running and on my computer anyway

Quote:

If I were you, I'd do three things: 1. Set up the accounts for those siblings of yours as non-poweruser accounts. IOW, they don't get administrator rights or anything. That way, they can't really screw anything up. Dulecki's law of system access applies: You get access to what you can fix, should you happen to break it.

They won't come on my pc and in winME there isn't such an option so they still can play with the firewall and stuff. But that's ok it's not my PC and I warned them enough of making backups. It looks like I shouldn't allow them any access to a computer at all with that law lol. They're asking me why it doesn't work if the wires are unplugged,

Quote:

2. Focus back on your WLAN setup and configuration to get it in shape. That's your first line of defense.

I'll limit the MAC addresses as well on it and try to get the WEP up [img]smile.gif[/img]

Quote:

3. Put back telnet and just protect your entire network. Hopefully, you're not doing any work as root on your Linux box, or as Administrator on the Windows boxes. Make sure you require passwords on all profiles on all accounts... and something more, I think... but I've got to run up for dinner now [img]smile.gif[/img] Hasta later with more thoughts...

I'll put it back if I need it. Of course I'm not working as root. It makes me think twice before I break something. In the holidays I had this rule, "if you don't break it you won't fix it. If you don't fix it you don't learn. If you can't figure anything out do something even if it breaks the system

Thanks for the advice! [img]smile.gif[/img]

edit: hotkeys and spelling

[ 08-27-2004, 10:25 AM: Message edited by: philip ]