[Dshield] subnets, labrea, and sunrpc

James dshield at webfocus.com
Sun Mar 24 19:07:23 GMT 2002


Susan,

From what I have gathered so far, your networking knowledge is very 
limited from the E-mails you have posted.  Whether you want people to help 
you or not is up to you.  If you don't want to post things here there is 
always private E-mail (like the private E-mail I sent you once).  If you 
are as paranoid as some of the posts seem, you might want to hire a 
Network Security expert or invest in some classes or books on Network 
Security.

At 09:30 PM 3/23/2002 -0500, you wrote:
>Actually guys, concerning subnets, would you tell James yours via this line?

Well, you have a cable modem, you are on comcast.net, you post from 
pcp890159pcs.centrl01.va.comcast.net [68.57.136.50] and your computer name 
is pinn.net.  As soon as you send an E-mail this all becomes public information.

Because you are a Cable Subscriber you are more likely on the same network 
segment as other people in your neighborhood.  If that is the case then the 
lights flashing on your Cable modem box may be just traffic of the other 
computers on the network segment, not your Internal Network.  Someone on 
the same Network Segment that you are on with comcast could have a 
misconfigured PC. This is just one part that needs to be looked at.

>I uninstalled the previous version of labrea, probably should have left it 
>in is the problem. Either that or other miscellaneous stuff, but it 
>doesn't do make install, only make. I have no idea where it went, I looked 
>in all those places.

Look in the Makefile and you will see what the options are if you know how 
Makefiles are put together.  Some of the common options 
are All, Install, Remove.  These are what I have used in the past.

>Well I had to tighten this computer up first anyway, that was my first 
>linux install and though pretty it wasn't real secure. Had to start 
>somewhere...I fixed it hopefully, definitely it's tighter now... after 
>noticing things I attempted to download were also disappearing to never 
>never land I got the hint... sunrpc connecting to some 216.xxx (a google 
>webbot?) address all day... what is sunrpc is probably a much better question.

"Sun's RPC (Remote Procedure Call) forms the basis of many UNIX services, 
especially NFS (Network File System). However, RPC is extremely dangerous 
when left exposed to the Internet, which leads to frequent compromise of 
servers based upon Sun Solaris and Linux. RPC should never be exposed to 
the Internet."
Then again, any search tool will allow you to find this information, or any 
good networking book for that matter.

>Something got in here hard the other night so I started over. After the 
>desktop starts shaking... well I am sure you know the rest. It took them 
>about 4 weeks this time though, as opposed to 20-48 hours on my windows 
>machines. At least that's something. And that was a standard RH 7.2 
>install with very little or no tweaking.

Is this the same system that you said was secure?


My suggestion would be to invest in a Firewall Appliance.  There are many 
out there that do a wonderful job.  The cost is not as out of line as 
some would think.  You can find them starting in price from 300 to 700 
dollars.  These would protect a small network with no problems at 
all.  Easy to manage also.

One has to look at the Time, Cost and level of Security that is needed.


James
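
A check for the exposure the quoted sunrpc definition warns about, as an added example that is not part of the original e-mail: it reads a Linux `/proc/net/tcp` table and reports a portmapper (TCP port 111) listener bound to a non-loopback address. The function names and the sample table are constructed for illustration; it assumes a little-endian host (x86) and covers IPv4 TCP only, not UDP.

```python
import ipaddress
import os
import struct

SUNRPC_PORT = 111   # portmapper / rpcbind
TCP_LISTEN = 0x0A   # "st" column value for a listening socket

# Constructed sample in /proc/net/tcp layout (not taken from any real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0500A8C0:8001 0A00A8C0:006F 01 00000000:00000000 00:00000000 00000000   500        0 1003
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' from /proc/net/tcp into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the address as a host-order 32-bit value; on a
    # little-endian machine 0100007F is 127.0.0.1 (assumption: x86).
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def exposed_listeners(proc_net_tcp, port=SUNRPC_PORT):
    """Return local addresses where `port` is LISTENing off-loopback."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        ip, local_port = decode_addr(cols[1])
        state = int(cols[3], 16)
        # An outbound connection *to* port 111 (row 2) is not a listener.
        if state == TCP_LISTEN and local_port == port and not ip.is_loopback:
            findings.append(str(ip))
    return findings


if __name__ == "__main__":
    path = "/proc/net/tcp"
    table = open(path).read() if os.path.exists(path) else SAMPLE
    hits = exposed_listeners(table)
    for addr in hits:
        print(f"sunrpc listening on {addr}:{SUNRPC_PORT}")
    if not hits:
        print("no non-loopback sunrpc listener found")
```

An address of 0.0.0.0 in the output means the service accepts connections on every interface, including the one facing the cable segment.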






