Let Me Ask Some Security Questions Here...<again>

SurferJoe46
24-10-2007, 04:38 PM
Since I have both the NIC/DSL running and my Phone-Fax/Dial Modem and a dual-boot with Mepis and XP...what I want to ask is this........

OK..the NIC/DSL is protected by the usual bevy of security and stuff...is my phone/fax Modem and such protected too? ...and by the same security stuff?

What about when I run Mepis on DSL ...can I get a virus that can transfer itself to the XP side?

Inquiring minds need to know. :confused:

gnail
24-10-2007, 06:24 PM
With ADSL it's usually behind a NAT so people can't connect to you unless you forward the ports, so it's basically a firewall that blocks all incoming connections. Dial-up, on the other hand, doesn't have that capability but your Windows comes with a firewall anyway so I wouldn't worry too much about it. Just uninstall IIS and other useless junk that opens up vulnerabilities. On Linux I don't really bother with a firewall, since it will not listen to something you don't want it listening to, and if you want it to listen to a port, then why would you need a firewall? I use iptables more for connection sharing than for actual firewall capabilities.

TGoddard
24-10-2007, 09:59 PM
On a Linux system all incoming network traffic will be filtered by netfilter (in the Linux kernel). You can get handy tools, usually based off the iptables interface, that will help you create rules to control traffic. The dial-up modem will not have the same external protection as the ADSL as it doesn't use NAT so you should block all incoming connections on unknown ports if you can. Otherwise, don't worry too much.

There are no known viruses for Linux in the wild so I wouldn't worry about Mepis cross-infecting Windows! Since the Linux community is small and diverse a virus attack would not be worthwhile - it would fail very badly even if most machines were very poorly maintained as avenues of attack.

Automated attacks like viruses are only really effective against large groups of near-identical machines in the hands of those who don't properly maintain security standards.
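
As an added illustration of the two replies above (not code from any poster in this thread): on a dial-up link with no NAT in front of it, anything listening on a non-loopback address is reachable from outside. This sketch lists such sockets from `/proc/net/tcp`; the sample table is constructed, IPv4 only, and a little-endian (x86) host is assumed.

```python
import socket
import struct

# Constructed sample in the layout of /proc/net/tcp; not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:C350 0B00000A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1 0000000000000000 100 0 0 10 0
"""

LISTEN = "0A"  # kernel TCP state code for LISTEN; 01 is ESTABLISHED

def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port). The IP is in host byte order."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def listening_sockets(text):
    """Return (ip, port) for every row in LISTEN state, in table order."""
    found = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == LISTEN:
            found.append(decode_addr(cols[1]))
    return found

def exposed(socks):
    """Keep only listeners bound to something other than loopback."""
    return sorted((ip, port) for ip, port in socks if not ip.startswith("127."))

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:        # live table on a Linux host
            table = f.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP             # fall back to the constructed sample
    for ip, port in exposed(listening_sockets(table)):
        print(f"reachable without NAT/firewall: {ip}:{port}")
```

Each address it prints is a candidate for either rebinding to loopback or an inbound netfilter rule on the dial-up interface.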

SurferJoe46
25-10-2007, 11:39 AM
OK..and now what I figger is a dumb question....

Is there any attack that could be launched against NT systems via L-systems?

In other words, could a malware writer just send a virus that would not attack the L-based machine hoping that there might be a dual boot involved and then jump to the Window system?

Kinda paranoid of course...but I just want to know what anyone thinks right now. I realize it is a very special situation...but a buddy has tried to insist that this is what happened to him.

Is it possible-likely-worthwhile?

iwalmsley
25-10-2007, 01:57 PM
Short answer - Yes, many, keep your Windows protection up to date.

Long answer - Any attack is essentially the same, a piece of programming code, which when run in the right (or wrong depending on your outlook) environment, does bad stuff.
A malicious file that turns up through Linux on your dual boot machine can
a) run in Linux and do bad stuff to Linux
b) run in Linux and do bad stuff to Windows files, which then does bad stuff to Windows when those files are actually executed.
c) arrive on the PC in Linux, run in Windows and do bad stuff to Windows

a) is your typical kind of virus, designed for the Linux platform - very rare
b) would be some kind of cross platform virus, relying on the host machine being 1) dual boot, and 2) having the required version of both Linux and Windows - technically possible, probably doesn't exist
c) this is essentially a Windows virus, that just happens to arrive on your hard drive while the computer is running Linux. Could be an email attachment you receive using your Linux client, then actually open the attachment in Windows. This is slightly less likely than getting a normal virus in Windows.

Protection boils down to either keeping Linux and Windows completely unaware of the other's file system, or again just keeping your Windows system well and truly protected, and remembering that any Linux based antivirus may not necessarily detect any viruses designed to attack Windows.

You probably should have stuck with the short answer.
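
As an added illustration of case (c) in the post above (not code from the poster): a check run on the Linux side that flags files carrying a Windows PE header whatever their name or extension, so they can be reviewed before the Windows side ever opens them. The file names and header bytes in `demo()` are constructed.

```python
import struct
import tempfile
from pathlib import Path

def is_windows_pe(data):
    """True if data starts with a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"     # out-of-range offset gives b""

def find_windows_executables(directory, max_header=4096):
    """Return names of files under directory whose first bytes look like a PE image."""
    hits = []
    for path in sorted(Path(directory).rglob("*")):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as f:
                head = f.read(max_header)   # headers normally sit well inside 4 KiB
        except OSError:
            continue                        # unreadable file: skip rather than crash
        if is_windows_pe(head):
            hits.append(path.name)
    return hits

def constructed_pe_header():
    """Smallest byte string that passes the check; not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 20

def demo():
    """Build a throwaway 'attachments' directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "invoice.pdf").write_bytes(constructed_pe_header())  # misleading name
        Path(tmp, "notes.txt").write_text("meeting at ten\n")
        Path(tmp, "decoy.bin").write_bytes(b"MZ" + b"A" * 100)         # MZ but no PE
        return find_windows_executables(tmp)

if __name__ == "__main__":
    print(demo())
```

This only identifies that a file is a Windows executable, not whether it is malicious, so it complements rather than replaces scanning on the Windows side.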

SurferJoe46
25-10-2007, 05:48 PM
Yeah but..(I have a lot of "yeah buts")...I like this (your) answer even better.


It provides me with a sense of flow and the way the viruses work and promulgate.

Thanks for the eye-opener! A lot! :nerd:

kjaada
25-10-2007, 06:33 PM
One minor thing is that a virus can arrive on your machine via email and you can then forward it on to windoze users unbeknown to you. When I was running the odd virus scan in Xandros over 2 years I found 2 phishing things that I had no idea were in my emails.

johnd
25-10-2007, 08:36 PM
> Since the Linux community is small and diverse a virus attack would not be worthwhile

The desktop Linux community is small - but about 70% of all web pages are delivered from a Linux server - so the number of Linux systems out there is not that small!

Chilling_Silence
25-10-2007, 10:59 PM
Actually if you were going to attack something, you wouldn't really go for something like the Linux kernel, although there have been a few privilege escalation exploits out there, you're more likely to find a hole in the likes of Apache, BIND, Sendmail, MySQL, something like that, or even some forum software amongst other things has flaws which can be used to bring down a server or gain additional privileges...

SurferJoe46
26-10-2007, 04:57 AM
Thanks for the info..it was a good read and makes me a lot happier with what I now know.

Adding to the learning curve is nice...again, thanks!