-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 and this is WHY I've been looking for a job in this field. I never assume the system is secure (I know, I've found out the hard way just how easy it is to get a rootkit in to a box). unfortunately, it seems my resume is often looked at and discarded (I never hear back from any one, with only 2 exceptions). so..... someone willing to give a visually impaired linux guru a break? Technomage On Saturday 15 March 2003 09:03 am, Dennis Davis wrote: > It's amazing, spend all that money for good equipment and then don't > configure it correctly due to some dullard decison maker who knows > nothing about networking and security. > > That business will most likely have a new remote silent partner running > their business in the next few days. > > My thoughts before coffee..... > > Dennis > > David Mandala wrote: > >You have a pretty good start on a totally secure machine but I disagree > >on a few details, to get a totally secure machine you need to put it in > >a steel and concrete vault, in there build a 10'x10'x10' form and fill > >it with rebar steel, pour it 1/2 full of concrete then place the > >computer in the center of mass and finish filling the form. When done > >and concrete is hardened for at least a week you may have a totally > >secure computer, but it could be cracked if someone was stubborn enough > >and had enough time with a jackhammer. But the vault steel doors and > >guards should stop the time and access required. > > > >Cheers, > > > >Davidm > > > >(-; > > > >On Sat, 2003-03-15 at 04:02, technomage wrote: > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>who is this "nutbar" who thinks they are totoally secure? I'd like to > >> know so that I can avoid meeting him unless I have reason to. > >> > >>totally secure = power supply isolated, non-networked machine behind 2 > >> layers of steel doors and lots of guards. > >> > >>anything else is debatable. > >> > >>Technomage > >> > >>On Saturday 15 March 2003 03:17 am, Entelin wrote: > >>>I have a client I am trying to convince to install a firewall, (eather > >>>iptables or preferably cisco PIX). They have practicly every service > >>>under the sun open, the only reason their tcp netbios ports are closed > >>>is because cox filters them. The only reason I am having to convince > >>>them of anything is because they have another linux tech working for > >>>them and he is somehow convinced that they are completely secure "at the > >>>deamon level" wrote a big email to my client saying they dident need to > >>>install a firewall, or even close totaly unused ports on their box! > >>>(they even had echo and chargen open before I at least convinced them to > >>>close those ie: forged packet between echo and chargen = storm). > >>>nevermind the two root exploits their sendmail is at risk for. and the > >>>password sniffing of their login,telnet etc.. god.. > >>> > >>>ANYWAY sorry for that rant. back on topic I was wondering if I could do > >>>anything with these udp ports in absence of the filtered tcp netbios > >>>ports. ? as in gain any kind of access or DoS. > >>> > >>>137/udp open netbios-ns > >>>138/udp open netbios-dgm > >>>139/udp open netbios-ssn > >>> > >>>Thanks :) > >>> > >>>--------------------------------------------------- > >>>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >>>To subscribe, unsubscribe, or to change you mail settings: > >>>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > >> > >>- -- > >>I will not be pushed, filed, stamped, indexed, briefed, debriefed, or > >>numbered! > >>My life is my own - No. 6 > >>-----BEGIN PGP SIGNATURE----- > >>Version: GnuPG v1.0.7 (GNU/Linux) > >> > >>iD8DBQE+cwhOn/usgigAaLcRAs79AJ9Tty91a3ZorlD3pgKL9dBRRJSSzACeKW4U > >>6v2lRe90Uh6uuJYQKty5ihg= > >>=hUiC > >>-----END PGP SIGNATURE----- > >> > >>--------------------------------------------------- > >>PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > >>To subscribe, unsubscribe, or to change you mail settings: > >>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss - -- I will not be pushed, filed, stamped, indexed, briefed, debriefed, or numbered! My life is my own - No. 6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+c8DIn/usgigAaLcRAn6NAKCC9JCgoBRAK7Ei0AVirLz3kQ5E/wCggW4i HvIjX1FkdEynSkCaGsi/xuo= =SB0u -----END PGP SIGNATURE-----