[Novalug] linux issues

Peter Larsen peter@peterlarsen.org
Fri Aug 12 23:29:35 EDT 2016


On 08/12/2016 03:21 PM, Ed James via Novalug wrote:
> Yeah, I know what SPAM and DDoS attacks are. Spare me the snark and
> the wasted bandwidth.

You're not acting as if you do. Turning up the volume certainly doesn't
tell me anything to counter that belief either.

> If you wanna be useful, gimme details - how does an outsider get inside
> my router?  

Are you seriously trying to argue that you have a penetration safe
router, created 10+ years ago?  If we pretend you're right, that a
simple NAT gate is enough to protect a network, why in the world do we
spend billions of dollars on network security? It's easy to fix?  I
think you know the answer to that.

So, a reminder. Security is layered. You're only as vulnerable as your
weakest link.  So pretending you host a website behind your NAT server,
which allows someone to inject a URL for outbound requests because
you've not patched for ShellShock or similar bugs, how hard do you think
it's going to be for someone to setup an attack from the inside of your
network against your own router, opening it up and allowing easy
access?  And that's just ONE use-case out of a hundred.  Even if you
only use it for outbound traffic, clicking on the wrong link in your
insecure browser can start a similar attack, in particular if your
browser is ancient and insecure.  Or it could come in via email, or just
a script that you think does one thing but actually does something else.

> And don't do a lazy cut-and-paste of some generic site that
> lists a bazillion possibilities and pieces of hardware and buzzwords.

No - you want to just be right and everyone else with information for
you to read, is TL;DR right? I've provided you with several links now.
I'm done.


-- 
Regards
  Peter Larsen






More information about the Novalug mailing list