[TriLUG] iptables & FUD

John Vaughters jvaughters04 at yahoo.com
Mon Apr 29 09:15:44 EDT 2013


>netstat is legacy. 
 
No! No! No! We cannot have that. netstat lives forever `,~>
 
As far as iptables, leaving your system open for attack depends on a variety of things to come together to be attacked. I have studied the hacker traffic a little and here is the process I have seen. Although their methods are always changing, this process is fairly standard.
 
1. They need to find your open ports. They do bombard your IP address with search packets, but it takes some time. So if you are only temporarily online, it makes their life much harder.
2. They have to actually find an exploit on one of the open ports you have. If you are using Linux you have reduced this by a huge factor. If you are using up-to-date Linux you have greatly reduced their attack ability. If they do find an exploit for even a short time you have been listed, and that same exploit will be tried over and over throughout even years' time.
3. Most of the really bad exploits are from older software. If you have done a good job keeping your software up to date, then your chances are greatly reduced.
 
The fact is that most attacks come from inviting Vampires into your house. Yup! Meaning it is your fault. You run an application that loads a virus and immediately runs a check on your system and sends it out to the Queen Vampire, where you are listed on many other virus sites, and the attacks come hither all because you let them in.
 
Recently our corp file system was brought down by a virus that originated from a valid install disk of a publisher that we get monthly updates on CD. Yea, I know, Do not judge! There are still some people behind in their Tech. Virus spread like wildfire and we shut down the servers and reverted to an old version. Work was lost. Time was lost. All because the vampire was invited in.
 
That is not to say be slack on your network, but a short time of exposure is not a likely issue if you have good software.
 
Tip: If you ever want to learn about how to track, kill and otherwise learn about malicious activities, just allow your kids to run wild on a Windows computer. You too will get the following:
 
1. Bandwidth reduction
2. Slow computers
3. Messages from your ISP threatening service shutdown
4. Weekends blown trying to track and protect your computers from the true virus in the house. Your KIDS!
 
Wow! Post was longer than I expected. 

