Question bruteforcing

Jacques B. jjrboucher at gmail.com
Wed May 31 08:56:38 UTC 2006


On 5/29/06, Mike C <Mikec1 at bigriver.net> wrote:
> What exactly is bruteforcing and is there a way to stop it in Fedora
> without using a router or firewall box?
>
> Thanks for any help
>
In the meantime anytime you can throw a router/gateway in front of a
computer you get an extra layer of protection.  So someone trying to
exploit an OS vulnerability by attacking your IP without you having
initiated the connection will get dropped by the gateway/router.  And
because your router does not have the same OS, hence not the same
vulnerabilities, then the exploit will fail.  I use the D-Link DI-604,
a pretty basic and inexpensive router, and it does the trick quite
nicely.

To learn more about how a NAT router can act as a firewall, check out
podcast #3 at http://www.grc.com/SecurityNow.htm.  This site offers
some good podcasts for beginners, and even intermediates if it's a
topic that you are not well versed on.

Defence in depth.  The router will give you one extra layer in your
defence.  Iptables another, hosts.deny & hosts.allow yet another,
regular updates another.  Each layer is a layer that a hacker must be
able to penetrate to eventually compromise your system.  The most
effective way to bypass all these layers is social engineering where a
hacker tricks you into opening an attachment or installing an
application to give them root access to your system.  So if you can
defend against that, your properly configured & updated computer with
a router should do a good job at taking care of the rest.

Regular OS updates is probably the most significant preventative step
a person can take to protect their system.  Worms exploit known
vulnerabilities (typically, some may exploit an unknown vulnerability
initially until it's reverse engineered to identify the vulnerability
being exploited).  Keeping your system up to date will patch those
vulnerabilities before a worm exploits it.  But gone are the days that
hackers would need 14-30 days to exploit a new vulnerability being
patched.  Now they analyse patches being put out and identify the
vulnerability, inject that into their existing code and then send it
out the same day the patch was released.  So we are now seeing zero
day exploits.  In other words the vulnerability being patched gets
exploited the same day the patch is released.  So if you don't patch
quickly enough you are at greater risk.

But to come full circle this is where a router would offer protection
against such worms for reasons noted earlier.

Oh and if you have no intention of running a web server, a mail
server, sshd, ftpd, whatever, then don't install it (or at least don't
activate it).  Because these create points of entry into your system
by the nature of being servers allowing connection from others.
Misconfigurations of these services

Drifting a bit OT, however all security related.

Jacques B.
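
An added example, not part of the original message: the script below counts failed sshd password attempts per source address, which is how a brute-force attempt shows up in /var/log/secure, and emits entries for the hosts.deny layer mentioned above. The log lines are constructed, the function names and thresholds are assumptions, and it assumes an sshd built with TCP wrappers support.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd entries in /var/log/secure.
SAMPLE_LOG = """\
May 29 10:15:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
May 29 10:15:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
May 29 10:15:05 host sshd[2105]: Failed password for illegal user test from 203.0.113.7 port 40130 ssh2
May 29 10:15:07 host sshd[2107]: Failed password for root from 203.0.113.7 port 40133 ssh2
May 29 10:15:09 host sshd[2109]: Failed password for root from 203.0.113.7 port 40139 ssh2
May 29 11:02:40 host sshd[2230]: Failed password for mike from 198.51.100.20 port 51514 ssh2
May 29 11:02:52 host sshd[2230]: Accepted password for mike from 198.51.100.20 port 51514 ssh2
"""

# Timestamp, then the source address of a failed password attempt.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ from (\S+) port \d+"
)

def find_bruteforcers(log_text, threshold=5, window=timedelta(minutes=10), year=2006):
    """Return addresses with at least `threshold` failures inside any `window`."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog lines carry no year, so one is supplied (assumption).
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            attempts[m.group(2)].append(stamp)
    flagged = []
    for addr, stamps in attempts.items():
        stamps.sort()
        # Slide over the sorted timestamps: a single mistyped password or
        # slow, scattered failures never fill the window.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.append(addr)
                break
    return sorted(flagged)

def hosts_deny_lines(addresses, allowlist=()):
    """Format flagged addresses as hosts.deny entries, skipping trusted hosts."""
    return [f"sshd: {addr}" for addr in addresses if addr not in allowlist]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(find_bruteforcers(SAMPLE_LOG))))
```

Review the output before appending it to /etc/hosts.deny, and put your own addresses in the allowlist so a run of typos cannot lock you out.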



