[PLUG] Got hacked last night - HELP!

Darkhorse plug_0 at robinson-west.com
Mon Oct 4 22:52:03 UTC 2004


Redhat 9 isn't that great in my opinion, but Fedora Core 1 
is impressing me so far.  The bios could be hacked, a 
bootloader could appear to be working normally only to 
trigger a hidden virus, perhaps in your hard disk's 
free space, at some point.  

There are tradeoffs, staying current in Redhat makes it easier
to get new hardware, direct from a manufacturer, to work.  With 
slower Linux distros, bugs may be found more frequently before 
release time.  However, if you have to deal with used equipment, 
you're still potentially up a crick without a paddle.

An old version of Redhat on an unpopular architecture, like
an Alpha, may be very reasonable.  I run Redhat without X
Windows, NFS, etc.  I suggest going to http://www.openna.com/
as this company used to put out books on how to secure Redhat.

As far as the board, it's about $25 if it isn't too old, to
replace the bios chip.  That's cheap.  Make sure you replace
the hard disk and any other media drive that a virus could
be hiding on too, unless you have a safe way to get 
these media devices low level purged.  Redhat 7.2 isn't worth
it, RH 8.0 was a zero version and I never did much with it.
I'd say go to Fedora Core 1, Gentoo, or Slackware 10 for a
server.  If you want to do NFS, network filesystems, network
authentication, try to take advantage of the broadcast nature
of ip networking for better security.  My mail server isn't
on my public subnet.  Selective NAT has its advantages.
Learn to forward individual protocols and block access to
certain web sites even if you can't force people through 
a proxy.  For the latter, iptables and some fairly easy
bash programming is the way to go.  

What I would like to see is people who crack systems,
any systems, held legally accountable.  They should be 
pressured to explain what they did and in some cases  
they should be forced to offer compensation.    

The largest problems I see are in computer architecture, we
simply don't have decent equipment these days that we had
even ten years ago.  The 386's were better because the bios 
was usually a ROM.  What a novel concept, a ROM instead of
a flash chip.  The idea that you download a bios and flash
it has created many of the bios problems we have today.  
Add to this that most Antivirus software is woefully out
of date and tries to update itself over the untrusted net, 
some new ideas are needed and fast.

Some good news is that I'm making progress adding intelligence
to my mail server.  E-Mail systems are a favorite attack vector
for crackers.  I've figured out that certain sources will 5xx
off of me forever. So via some bash scripting, and a few common
Unix utilities including: grep, cut, and wc, I've implemented 
temporary ip filtering lists.  If the same ip 5xx's three times 
trying to come in, I start ignoring it for a while at the packet 
level.  Maybe this will, if I can make it aggressive enough, 
deter some crackers.  Most of this is junk mail coming most 
likely off of open relays.  One thought I'm considering is to
permanently ignore the ip address of any system that attempts 
to relay across mine.  I'm getting a lot of China something 
addresses.  Thing is, any cracker can get into a network and 
cause an otherwise trustworthy system to become untrustworthy.
Forcing unknown sources down to plain text is a thought, but
I don't know how to do that with Postfix.

One thing that bothers me a ton, proxies offer the potential
for better security and better use of Internet bandwidth, but
a lot of school and government web sites don't allow you to 
use one.  The site http://my.pcc.edu/ comes to mind.  The same 
seems to be true with http://banweb.pcc.edu/ and
http://banweb.pdx.edu/.  Maybe it's time to pass a law to
guarantee access to public sites for people who intend to
work behind open source filtering proxies.  Having a web 
site go through clamav before it touches your workstation 
is a good idea.  Maybe if we want better network security
for the Internet, it's going to have to be demanded.

     --  Michael C. Robinson
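The three-strikes filter the post describes, written out as an added example that is not the poster's own script: it greps Postfix-style rejection lines for 5xx replies, counts them per client address with cut, sort and uniq, and prints the iptables rule for every address at or over the threshold. The log lines are constructed, the threshold of three is the one from the post, and the rule shape (drop TCP/25 from the address) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: count SMTP 5xx rejections per
# client IP in Postfix-style log lines and list the addresses that reach the
# threshold, which the poster then ignores at the packet level.

# Constructed sample log (Postfix smtpd style, RFC 5737 documentation addresses).
SAMPLE_LOG='Oct  4 22:10:01 mail postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.net> to=<a@example.org> proto=ESMTP helo=<x>
Oct  4 22:10:05 mail postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@example.org>: Relay access denied; from=<x@example.net> to=<b@example.org> proto=ESMTP helo=<x>
Oct  4 22:10:09 mail postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <c@example.com>: Recipient address rejected: User unknown; from=<x@example.net> to=<c@example.com> proto=ESMTP helo=<x>
Oct  4 22:11:00 mail postfix/smtpd[1203]: NOQUEUE: reject: RCPT from host.example[198.51.100.7]: 554 5.7.1 <d@example.org>: Relay access denied; from=<y@example.net> to=<d@example.org> proto=ESMTP helo=<y>
Oct  4 22:11:30 mail postfix/smtpd[1204]: connect from mx.example.com[203.0.113.5]
Oct  4 22:11:31 mail postfix/smtpd[1204]: 1A2B3C: client=mx.example.com[203.0.113.5]'

# Read log lines on stdin; print "count ip" for each client address that was
# rejected with a 5xx reply, most frequent first.
count_5xx() {
    grep 'reject: RCPT from [^ ]*\[[0-9.]*\]: 5[0-9][0-9] ' \
        | cut -d'[' -f3 | cut -d']' -f1 \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Read log lines on stdin; print the addresses rejected at least $1 times
# (default 3, the poster's threshold), one per line.
offenders() {
    count_5xx | awk -v n="${1:-3}" '$1+0 >= n+0 {print $2}'
}

# Read log lines on stdin; emit the firewall command for each offender.
# Printed, not executed, so the script is safe to run anywhere; the rule
# shape is an assumption (block SMTP from the address).
drop_rules() {
    offenders "${1:-3}" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 25 -j DROP"
    done
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | drop_rules 3
```

Pipe a real mail log into `drop_rules` to see which addresses would be blocked before wiring the output to iptables.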