[Linux] what could be killing my linux router?
Phil Smith
linux@flux.org
Wed, 6 Jun 2007 17:54:15 -0700 (PDT)
The most important file to examine is /var/log/auth.log. It is usually there that the "break in" records of the supposedly invulnerable ancient Linux machine that is beginning to act like a Windows ME machine are stored.
1) Disable root SSH, block internet access to telnet, ftp, and all the (many) other UNIX services designed when security was not a consideration.
2) Create a strange (non-root) userid with an even stranger password. Once they break in as any normal user, a root password cracker program looping to get the root password is a mere formality.

(Actually, a really slow machine might be an advantage here!) Security people, who always remind us that "security by obscurity is no security at all", always want to make sure these password crackers can run at full speed, perhaps as job security for them. It would be just __too easy__ to slow down the ability to try more bad root passwords based on the number of bad ones recently tried?
3) Given the need to update the kernel/SSH/Apache to current levels to avoid exploits, a Pentium 200 doesn't seem up to the task since updates are very slow on that genre of hardware.

The newest kernels (2.6.16+) have lots of new iptables rules to repel intruders the first time they try to get in.
4) Select a Linux distro that makes it easy to maintain your boxes in a pristine "yesterday's code fixes" mode. In your case, probably Gentoo's "emerge ssh, etc.", just not from 2002 or so.
5) Realize how they break in:

"nc/telnet yourhost.gotdns.org 22" --> SSH-1.9.7-OpenSSH_4.1p1, now look up the vulnerabilities in that version.

Actually, ancient Linux is a very false sense of security as compared to Windows 2000, etc.
Phil
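Phil's first point (read /var/log/auth.log) and his second (count the bad root-password attempts coming from one place) can be turned into a small triage script. The following is an added example, not code from Phil's post or from the list; the log lines are constructed to match the syslog format OpenSSH's sshd writes ("Failed password for ..." / "Accepted ... for ..."), the `threshold` of 3 failures is an arbitrary illustrative value, and the hostnames and addresses are documentation placeholders. It counts failed logins per source address and per target user, and raises an alert when a source that has already piled up failures later gets an "Accepted" line, which is the pattern of a guessed password.

```python
#!/usr/bin/env python3
"""Triage sshd entries in an auth.log: failures per source, and successes that
follow repeated failures from the same source (the "they got in" signal)."""
import re
import sys
from collections import Counter

# Constructed sample lines (not a real log); format mirrors OpenSSH sshd via syslog.
SAMPLE_AUTH_LOG = """\
Jun  6 17:40:01 router sshd[2231]: Failed password for root from 192.0.2.10 port 41022 ssh2
Jun  6 17:40:03 router sshd[2233]: Failed password for root from 192.0.2.10 port 41023 ssh2
Jun  6 17:40:05 router sshd[2235]: Failed password for invalid user admin from 192.0.2.10 port 41024 ssh2
Jun  6 17:40:07 router sshd[2237]: Failed password for root from 192.0.2.10 port 41025 ssh2
Jun  6 17:41:10 router sshd[2240]: Accepted publickey for phil from 198.51.100.7 port 50210 ssh2
Jun  6 17:42:15 router sshd[2245]: Failed password for phil from 198.51.100.7 port 50211 ssh2
Jun  6 17:43:00 router sshd[2250]: Accepted password for root from 192.0.2.10 port 41030 ssh2
"""

# "invalid user" is emitted when the account does not exist; we still want the name.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def analyze_auth_log(text, threshold=3):
    """Single pass over the log in order.

    Returns (failures, alerts):
      failures: {source_ip: Counter({target_user: failed_attempts})}
      alerts:   [(source_ip, user, auth_method)] for each Accepted line whose
                source had already reached `threshold` failures at that point.
    """
    failures = {}
    alerts = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures.setdefault(m["ip"], Counter())[m["user"]] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            seen = sum(failures.get(m["ip"], Counter()).values())
            if seen >= threshold:
                alerts.append((m["ip"], m["user"], m["method"]))
    return failures, alerts


def flag_sources(failures, threshold=3):
    """Source addresses whose total failed attempts reached the threshold."""
    return sorted(ip for ip, per_user in failures.items()
                  if sum(per_user.values()) >= threshold)


def root_failures(failures):
    """How many bad root passwords were tried in total (Phil's point 2)."""
    return sum(per_user["root"] for per_user in failures.values())


def report(text, threshold=3):
    failures, alerts = analyze_auth_log(text, threshold)
    lines = []
    for ip in flag_sources(failures, threshold):
        detail = ", ".join(f"{u}={n}" for u, n in failures[ip].most_common())
        lines.append(f"repeated failures from {ip}: {detail}")
    for ip, user, method in alerts:
        lines.append(f"ALERT: {method} login as {user} from {ip} after repeated failures")
    lines.append(f"bad root passwords tried: {root_failures(failures)}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 authlog_triage.py [/var/log/auth.log]; no argument runs the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_AUTH_LOG
    print(report(data))
```

On the sample data the script flags 192.0.2.10 (three root failures and one against a nonexistent "admin" account) and raises one alert: the later password login as root from that same address. The single failure from 198.51.100.7 stays below the threshold, and its earlier publickey login produces no alert because no failures preceded it. Rotated logs (auth.log.1, compressed copies) need to be concatenated in order before analysis, since the success-after-failures check depends on line order.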