Re: Running stealth servers

Old 10-30-2005
David Kirkby
 

a b wrote:
>> A friend is looking to remotely administer a UNIX box from anywhere in
>> the world. Webmin attracts him, but I'm not over keen on the idea of
>> having a program like that which runs as root open to the whole world.
>> It must be quite attractive to hackers if they find webmin running.
>>
>> After thinking about it, I had this idea: how about making a stealth
>> firewall with ipfilter, that ignores all attempts to connect. The
>> firewall logs denied packets to a log file. The log file is parsed by
>> a program which will open the port used by webmin (say 54321) if and
>> only if:
>>
>> a) Someone tries to connect to port 1000
>> b) From the same IP next tried to connect to port 13233
>> c) From the same IP next tries to connect to port 3244
>>
>> (or any other random combination of ports). Then and only then the
>> firewall is opened to the port with webmin running (54321).
>>
>> So in order to access webmin, you would from your browser try:
>>
>> http://www.somsite.com:1000 // ignored
>> http://www.somsite.com:13233 //ignored
>> http://www.somsite.com:3244 // now causes port 54321 to be opened


<snip>

>> Thoughts?

>
>
> It's not a bad idea, however I really recommend against the webmin part.


I don't like the webmin idea myself either. But my friend wants a GUI,
as his knowledge of UNIX is not that much.

> Standard practice in such situations has been to connect the servers to
> an RSM or a CMS, reconfigure them to use ttya for console I/O, and
> configure the FW to allow SSH on an arbitrary port on the FW. With the
> RSM/ALOM/CMS solution, you get the critical functionality of being able
> to stop, start and troubleshoot the remote hosts as if you were
> physically present on the console.
>
> Of course, how exactly one solves the SSH access is left to one's
> imagination... sky is the limit.


Having console access for me is quite important, as I'm going to be the one
to debug it. We were thinking of using another Sun, configured with ssh
and not much else, to give that.
--
David Kirkby,
G8WRB

Please check out http://www.g8wrb.org/
or if you live in Essex http://www.southminster-branch-line.org.uk/


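The log-parsing knock sequence proposed in the quoted message, written out as an added example that is not from the original thread: a per-source-IP state machine that reads ipmon-style block lines and reports when one IP has hit 1000, 13233 and 3244 in order, which is the point at which the firewall would be opened for 54321. The log line format, the 30-second completion window and the sample lines are my assumptions, constructed for this example; a wrong port or an expired window resets that IP's progress, so a plain port scan never completes the sequence.

```python
import re
from collections import defaultdict

KNOCK_SEQUENCE = (1000, 13233, 3244)   # ports from the post, in the required order
PROTECTED_PORT = 54321                 # port webmin listens on (opened only after the knock)
KNOCK_WINDOW = 30.0                    # seconds allowed to finish the sequence (assumption)

# Address part of an ipmon(8) block line, e.g. "... b 203.0.113.5,40001 -> 198.51.100.9,1000 PR tcp ..."
# (approximate format, constructed for this example)
BLOCKED = re.compile(r"\bb (?P<src>\d+\.\d+\.\d+\.\d+),\d+ -> \d+\.\d+\.\d+\.\d+,(?P<dport>\d+) PR tcp")

class KnockTracker:
    """Per-source-IP state: advance on the expected port, reset on anything else."""
    def __init__(self):
        self.progress = defaultdict(int)   # src ip -> knocks matched so far
        self.started = {}                  # src ip -> time of the first matched knock

    def observe(self, ts, src, dport):
        """Return True when this blocked packet completes the sequence for src."""
        if src in self.started and ts - self.started[src] > KNOCK_WINDOW:
            self.progress[src] = 0         # too slow: start over
        if dport != KNOCK_SEQUENCE[self.progress[src]]:
            self.progress[src] = 0         # wrong port (or a scan) resets the sequence
            return False
        if self.progress[src] == 0:
            self.started[src] = ts
        self.progress[src] += 1
        if self.progress[src] == len(KNOCK_SEQUENCE):
            self.progress[src] = 0         # sequence done; next knock starts afresh
            return True
        return False

def opened_by(log_lines, tracker=None):
    """Feed (seconds, line) pairs through the tracker; return IPs that completed the knock."""
    tracker = tracker or KnockTracker()
    opened = []
    for ts, line in log_lines:
        m = BLOCKED.search(line)
        if m and tracker.observe(ts, m["src"], int(m["dport"])):
            opened.append(m["src"])        # here the firewall rule for PROTECTED_PORT would be added
    return opened

SAMPLE_LOG = [  # constructed; timestamps simplified to seconds since the first line
    (0.0, "hme0 @0:1 b 203.0.113.5,40001 -> 198.51.100.9,1000 PR tcp len 20 60 -S IN"),
    (1.0, "hme0 @0:1 b 203.0.113.5,40002 -> 198.51.100.9,13233 PR tcp len 20 60 -S IN"),
    (2.0, "hme0 @0:1 b 203.0.113.5,40003 -> 198.51.100.9,3244 PR tcp len 20 60 -S IN"),
    (3.0, "hme0 @0:1 b 192.0.2.77,5000 -> 198.51.100.9,1000 PR tcp len 20 60 -S IN"),
    (4.0, "hme0 @0:1 b 192.0.2.77,5001 -> 198.51.100.9,22 PR tcp len 20 60 -S IN"),    # breaks the run
    (5.0, "hme0 @0:1 b 192.0.2.77,5002 -> 198.51.100.9,13233 PR tcp len 20 60 -S IN"),
    (6.0, "hme0 @0:1 b 192.0.2.77,5003 -> 198.51.100.9,3244 PR tcp len 20 60 -S IN"),
]
```

Running `opened_by(SAMPLE_LOG)` yields only `203.0.113.5`; the second host's out-of-order attempt sends it back to the start of the sequence.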