[clug] DDoS attacks using Linux hosts. (the-sky-is-falling now a "thing", according to the Aztec calendar)

Scott Ferguson scott.ferguson.clug at gmail.com
Thu Sep 8 14:02:49 UTC 2016



On 08/09/16 23:42, Bryan Kilgallin wrote:
> Scott:
> 
>> Note that
>> chkrootkit and rkhunter are not sufficient protection - though a
>> properly configured and monitored transparent proxy will detect all but
>> the most sophisticated side-channelling.
> 
> rkhunter logged these issues.
> <snipped>

Given the context, I'm unsure as to what you expected. Given that you
have posed no question, I'm unsure as to the point of your post. Was
there a point?

A list of variations from rkhunter's default expectations is of
immeasurable concern.
Is this a Debian-based system? If so, did you create a debsums database
on creation? Have you run one since?
Did you create a read-only SHA256+ hashed db on your system before
exposing it to the intertubes? On a removable device? If the answer to
those questions is no, I'm uncertain of what you could expect without a
baseline...

I ask partially because others may jump to the conclusion that belatedly
installing and then running rkhunter may prove of use as a substitute
for prior planning and proper deployment.

Perhaps I'm putting too much into the assumption you simply installed it
onto a box that has been running unmonitored for some time, ran it once
without reading the man file and are now concerned by results you don't
understand. But I'm guessing.

Given more time and sleep I hope I would phrase the previous
differently, but as that's not the case I hope instead that it may
provide some help with the question you failed to ask. :/


Kind regards




-- 
    A: Because we read from top to bottom, left to right.
    Q: Why should I start my reply below the quoted text?

    A: Because it messes up the order in which people normally read text.
    Q: Why is top-posting such a bad thing?

    A: The lost context.
    Q: What makes top-posted replies harder to read than bottom-posted?

    A: Yes.
    Q: Should I trim down the quoted part of an email to which I'm replying?

http://www.idallen.com/topposting.html
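The baseline the reply asks about, as an added example that is not part of the original post and not rkhunter's or debsums' own code: hash every regular file under a root before the host is exposed, store the sha256sum-style list read-only off the host, and later diff a fresh walk against it. The tree, file names and contents in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    with open(path, "rb") as f:  # whole-file read; chunk this for very large files
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root):
    """Map each regular file under root (path relative to root) to its SHA-256."""
    root, baseline = Path(root), {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinked dirs
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # regular files only; a symlink's target is hashed at its own path
            baseline[str(p.relative_to(root))] = sha256_file(p)
    return baseline

def write_baseline(baseline, out_path):
    """'digest  path' lines as sha256sum -c expects; store read-only, off the host."""
    with open(out_path, "w") as f:
        f.writelines(f"{baseline[rel]}  {rel}\n" for rel in sorted(baseline))

def read_baseline(in_path):
    with open(in_path) as f:
        return {rel: digest for digest, rel in (ln.rstrip("\n").split("  ", 1) for ln in f)}

def compare(baseline, current):
    """Return (added, removed, modified) paths; every entry needs an explanation."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed scenario: baseline a tree, change it, then re-check against the saved file."""
    with tempfile.TemporaryDirectory() as tmp:
        root, store = Path(tmp) / "root", Path(tmp) / "baseline.sha256"
        for rel, data in [("bin/ls", b"original ls"), ("etc/passwd", b"root:x:0:0\n")]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        write_baseline(build_baseline(root), store)
        (root / "bin" / "ls").write_bytes(b"modified ls")  # later: a binary replaced...
        (root / "etc" / "passwd").unlink()                   # ...a config removed...
        (root / "etc" / "new.conf").write_bytes(b"x=1\n")   # ...and a file added
        return compare(read_baseline(store), build_baseline(root))
if __name__ == "__main__":
    print(demo())  # (['etc/new.conf'], ['etc/passwd'], ['bin/ls'])
```

Without a baseline taken before exposure there is nothing to compare against, which is the point the reply makes about running rkhunter belatedly.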
