I think I was sniffed?
Derek Martin
derek at cerberus.ne.mediaone.net
Tue Jul 11 10:09:18 EDT 2000
Today, Ron Peterson gleaned this insight:
> > It could still be a forged IP address.
>
> I'm curious. How would someone go about forging an IP address in a mail
> header? I would actually prefer to think that's what happened.
> Otherwise I have to think someone stole my password, probably by
> compromising my ISP. Which means this could easily happen again. Yuck.
Well there are a couple of ways I can think of off the top of my head, but
I'm not going to tell you. If you're really interested, go get Maximum
Linux Security or start trolling rootshell.com or other such places where
the script kiddies go to get their exploits.
> > Furthermore, if you are running sendmail on your laptop, STOP!
>
> Hmm. I see why you say that. I like using my laptop for screwing
> around development type stuff before launching stuff on my company's
> servers, though. I think I'd rather just try to do what I can to make
> sure I'm running sendmail securely, than shutting it off completely.
> But feel free to persuade me that I'm bonkers...
Well, I say it because it has historically been one of the larger sources
of break-ins on Unix systems, and if you don't take steps to secure your
installation of it your laptop could be broken into next.
More importantly, you simply don't need it. You only NEED sendmail
running if you are receiving mail at your local machine directly via SMTP
from other SMTP servers. If you're on a laptop, it's nearly a certainty
that that is NOT the case.
To send mail out from your local machine, you do NOT need to run sendmail.
Mailers which need it will run a copy of sendmail specifically to send the
messages out, and then die. Why waste system resources AND add potential
vulnerability to attack when you don't need to?
The only conceivable reason to run it on a laptop is, as you've said, so
you can learn about how to configure and manage it, but even in that case
you're still best off only running it when you need to, rather than making
it run all the time. Most people leave it on either because they don't
know they don't need it, or (as in my case) they're too lazy to shut it
off... :)
> Things could be much worse. I'm going to consider this a wake up call,
> though, and begin learning all I can about how to thoroughly secure and
> monitor my systems.
Good idea. I highly recommend _Maximum_Linux_Security_ by "Anonymous" as
a resource. Don't be thrown off by the author's desire not to be
identified, the book is EXCELLENT.
--
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
ddm at MissionCriticalLinux.com | derek at cerberus.ne.mediaone.net
---------------------------------------------------------------
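The practical check behind Derek's advice is whether the laptop is actually accepting inbound SMTP at all: a mailer that invokes sendmail just to hand off a message and exit leaves no listener behind, while `sendmail -bd` (daemon mode) does. The script below is an added example, not part of the original post or the BLU thread; it parses constructed samples shaped like `ss -ltn` and `ps -eo pid,args` output (the sample text is made up here) and reports SMTP listeners bound to something other than loopback, plus sendmail processes started in daemon mode. Port numbers other than 25 and the process-title string "sendmail: accepting connections" are assumptions about typical installations.

```python
import subprocess

# Constructed sample of `ss -ltn` output (not from the original post).
SAMPLE_LISTENERS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      10     0.0.0.0:25          0.0.0.0:*
LISTEN 0      10     127.0.0.1:25        0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
"""

# Constructed sample of `ps -eo pid,args` output (not from the original post).
SAMPLE_PS = """\
  PID COMMAND
  412 sendmail: accepting connections
  877 /usr/sbin/sendmail -bd -q30m
  901 /usr/sbin/sendmail -t -i
 1203 /usr/sbin/sshd -D
"""

LOOPBACK_PREFIXES = ("127.", "::1")
SMTP_PORTS = (25, 465, 587)  # 465/587 are an assumption; the post only discusses SMTP


def parse_listeners(text):
    """Return (address, port) tuples for every LISTEN line of ss-style output."""
    listeners = []
    for line in text.splitlines():
        if not line.startswith("LISTEN"):
            continue
        local = line.split()[3]                 # e.g. "0.0.0.0:25" or "[::]:22"
        addr, _, port = local.rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def exposed_smtp_listeners(text, smtp_ports=SMTP_PORTS):
    """SMTP-port listeners bound to a non-loopback address, i.e. reachable
    from the network. A loopback-only listener can serve local submission;
    anything else means the laptop is acting as an inbound mail server."""
    return [(addr, port) for addr, port in parse_listeners(text)
            if port in smtp_ports and not addr.startswith(LOOPBACK_PREFIXES)]


def daemon_mode_sendmail(text):
    """PIDs of sendmail processes running as a daemon (`-bd`, or the
    'accepting connections' title sendmail sets in that mode). A transient
    `sendmail -t -i` started by a mail client to deliver one message is not
    counted: it exits on its own, as the post describes."""
    pids = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue                             # header or blank line
        pid, cmd = int(fields[0]), " ".join(fields[1:])
        if "sendmail" not in cmd:
            continue
        if "-bd" in fields or "accepting connections" in cmd:
            pids.append(pid)
    return pids


def run_or_sample(argv, sample):
    """Use live command output when available, else the constructed sample."""
    try:
        return subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return sample


if __name__ == "__main__":
    ss_out = run_or_sample(["ss", "-ltn"], SAMPLE_LISTENERS)
    ps_out = run_or_sample(["ps", "-eo", "pid,args"], SAMPLE_PS)
    print("network-reachable SMTP listeners:", exposed_smtp_listeners(ss_out))
    print("sendmail daemons (PIDs):", daemon_mode_sendmail(ps_out))
```

On the constructed sample the report names the `0.0.0.0:25` listener and PIDs 412 and 877, while the loopback listener and the one-shot `sendmail -t -i` are left out; a laptop that only sends mail should produce two empty lists.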