
Any network/security admins feeling extra tired this week?

John Stone

Supporting Actor
Joined
Aug 5, 2001
Messages
680
I sure am. Remote root exploits have been announced within the last few weeks for several of the most widely used DMZ network services: Apache, OpenSSH, and now the resolver libraries used in the nearly ubiquitous ISC BIND (among other things). It's been crazy trying to get all the servers I'm responsible for updated without breaking anything or causing loss of service. Unfortunately I think we're going to see a lot of hacked systems over the next several months. I hope things calm down a little so I can take a well-deserved long weekend after the 4th.
 

Ryan Wright

Screenwriter
Joined
Jul 30, 2000
Messages
1,875
John - I spent 3 hours last week updating OpenSSH on the servers I'm responsible for. Forgot to compile it with PAM support the first time around (doh!) and had to re-do it all. Not fun.
 

John Stone

Supporting Actor
Joined
Aug 5, 2001
Messages
680
> Forgot to compile it with PAM support the first time around (doh!) and had to re-do it all. Not fun.
:angry: A similar thing happened to me during one of my OpenSSH upgrades. This particular one happens to live on a Slackware box, and I forgot that Slackware distros require the --with-md5-passwords ./configure flag when compiling OpenSSH. That drove me nuts for a while. It's a damn good thing I kept my old SSH session open until I -HUP'd its parent process and tested, or I would have been going for a long drive. The little things can save so much time. :)
 

Charles Bober

Stunt Coordinator
Joined
Sep 5, 1999
Messages
199
I'm with ya Kolya. Maybe the market will rebound so I can finally get a job. 2 months now being unemployed and I'm going freakin' nuts.
 

Micah Lloyd

Stunt Coordinator
Joined
May 27, 1999
Messages
141
One of my great fears is HUP'ing the new sshd on one of my remote systems and having it fail, locking me out (especially troubling in that many of the systems I administer are 7,500 miles away...). I've learned to temporarily open telnet (with OPIE) during these updates.
 

DonRoeber

Screenwriter
Joined
Feb 11, 2001
Messages
1,849
I'm glad I purposely run an old version of ssh (the ssh1 series, the way we use it, we're not vulnerable to the attack). Having to fix all of the apache installs sucked though. Our bind is okay too, because of the way we use it.

zlib a few months ago -really- sucked.

There've been a bunch of unix exploits recently. For a while, we weren't getting any, and all of the NT guys were working OT. Ah well. Maybe we'll get some new platform agnostic denial of service attack in a few months. Always good to have something like that around when the students come back.
 

Ryan Wright

Screenwriter
Joined
Jul 30, 2000
Messages
1,875
> One of my great fears is HUP'ing the new sshd on one of my remote systems and having it fail, locking me out (especially troubling in that many of the systems I administer are 7,500 miles away...). I've learned to temporarily open telnet (with OPIE) during these updates.

You don't have serial consoles set up?! ALL of our machines are attached to a hardware-based serial port server. If SSH or networking dies, I can telnet into that and access the machine through its serial port. And that's just to save me from a measly 15 minute drive.
 

John Stone

Supporting Actor
Joined
Aug 5, 2001
Messages
680
I use a few Livingston PortMaster 2E's for serial access to most of the routers, switches, servers and IDSUs at our central office. Those PM2Es work great even after all these years. I am thinking of deploying some old laptops to some of our more remote locations for the same purpose. Nothing worse than locking yourself out of something in the middle of the night. :frowning:
 

Micah Lloyd

Stunt Coordinator
Joined
May 27, 1999
Messages
141
It's amazing; those PortMasters can be picked up for under $100 on eBay... Remember what they went for new?!?
 
