Re: question about security

On Fri, May 30, 2008 at 10:10 PM, Charles, Theodore <txc5810@xxxxxxxxx> wrote:
> From what I've read, there was an exploit in the way Comcast registers and updates its DNS records with the domain registrar (I've already forgotten the name). And, it was this exploit that the "hackers" reported to Comcast, but Comcast ignored. Regardless, this is not a question of whether or not Comcast should be using SELinux or UNIX or Windows Server 2008 or <insert OS here>. This is a question of properly secured methods of communication between two computers on the Internet. I don't think that's applicable to SELinux in the general sense, because most policies deal with objects interacting with the local machine. I would suspect this is more applicable to something like ipfw / iptables / netfilter and possibly their interaction with the SELinux policies. If you really wanted to prevent anyone from connecting to your computer (and making it practically unusable), you could try something like this:
>
> iptables -t nat -A PREROUTING -i eth0 -j DROP (not tested)
>
> But then you'd pretty much have an unusable internet connected machine (well, technically, you'd still be able to connect out, but diagnosing network problems might be a pain). If I am wrong, please bring it to my attention. :)
>
> Last I noticed, Comcast is in fact back up, but I'm sure they're holding their tail between their legs, and let's hope this does not happen again.
>
>
> -----Original Message-----
> From: owner-selinux@xxxxxxxxxxxxx on behalf of Justin Mattock
> Sent: Fri 5/30/2008 1:29 PM
> To: Daniel J Walsh
> Cc: Matthew Hammer; selinux@xxxxxxxxxxxxx
> Subject: Re: question about security
>
> On Fri, May 30, 2008 at 7:27 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Justin Mattock wrote:
>> | On Fri, May 30, 2008 at 5:51 PM, Matthew Hammer
>> | <matthewhammer89@xxxxxxxxx> wrote:
>> |> On Fri, 30 May 2008 17:04:41 +0000
>> |> "Justin Mattock" <justinmattock@xxxxxxxxx> wrote:
>> |>
>> |>> Hello; First I need to start with a status: SELinux seems to be
>> |>> handling nicely with the latest git, and refpolicy. You guys really do
>> |>> a good job.
>> |>> Now for the question: I noticed reading the New York Times that
>> |>> Comcast was hacked into, after reading the article I couldn't help but
>> |>> ask the question
>> |>> of "If comcast was using Linux with SELinux would this have happened".
>> |>> So the question to SELinux is: If Comcast was using Linux, with
>> |>> SELinux on their servers
>> |>> would this attack have been prevented? What should Comcast have had
>> |>> with their setup to better protect them from this type of
>> |>> attack? (even though they probably use Windows)
>> |>> How would regular users and small businesses protect themselves from
>> |>> this type of terrorism?
>> |>> regards;
>> |> My understanding of the comcast hack was that the hackers altered
>> |> Comcast's registration information with the vendor that registers their
>> |> domain. So no, the problem wasn't anything internal with comcast's own
>> |> system.
>> |>
>> |> --
>> |> Matthew Hammer
>> |>
>> |
>> | AAhh I see, the vendor that registers their domain.
>> |
>> Of course the next question is whether the vendor who registers their
>> domains had been running SELinux, could it be stopped, and there is a
>> good possibility.
>>
>> Depending on the Version, SELinux prevents most buffer overflow attacks
>> on confined domains.
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkhAVPQACgkQrlYvE4MpobPWSwCfQnk59XT5A7vZ/hL8JtHJGBj5
>> 9fkAoJ+RKyeW/Vcd86U7syYUK9T17zwR
>> =tzTL
>> -----END PGP SIGNATURE-----
>>
>
> So if the vendor was protected with SELinux, the hacker would have had
> to really work hard at trying to tweak the numbers
> inside the vendor's computer to cause this (edit a file), or is it a
> wire tap scenario, e.g. similar to ARP spoofing.
>
> --
> Justin P. Mattock
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
>
>

It sounds like a nice idea, but if there will be problems connecting,
and so forth, then I'll pass. I was just wondering if they were using
SELinux would this have been a better outcome. As for what happened at
Comcast, I really don't know, I just don't like hearing stories like
that. The positive side is the hackers exposed holes which can then be
fixed, but in this case the hackers exposed the holes, they just chose
to ignore them (if this is the case), causing more of a wake-up call
later in time.
regards;

-- 
Justin P. Mattock
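
[Added example, not part of the original thread or any poster's message.] The quoted rule is meant to drop everything arriving on eth0, which is where the worry about connection problems comes from. A stateful filter-table policy still refuses unsolicited inbound traffic while letting replies, ICMP errors and rate-limited ping through. The function name and the ping rate limit are assumptions; eth0 comes from the quoted message.

```shell
#!/bin/sh
# Added example (constructed): emits an iptables-restore ruleset on stdout.
# Nothing is applied to the running firewall by this script itself.

inbound_default_deny() {
    iface="${1:-eth0}"   # eth0 is the interface named in the quoted rule

    # Refuse interface names that could smuggle extra rule text into the output.
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid interface name: $iface" >&2
            return 1
            ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i ${iface} -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
COMMIT
EOF
}

# Rule by rule:
#   policy DROP          unsolicited inbound connections are refused by default
#   -i lo                local services talking to each other keep working
#   ESTABLISHED,RELATED  replies to outbound connections and the ICMP errors
#                        tied to them (e.g. "destination unreachable") get in,
#                        so outbound use and troubleshooting still work
#   INVALID              packets conntrack cannot match to any flow are dropped
#   echo-request         ping is answered, rate limited (5/second is an assumption)
#
# To syntax-check without loading (as root):
#   inbound_default_deny eth0 | iptables-restore --test
```
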
