KLUG Meeting Minutes and Agenda (#20)

The 20th meeting of the Kingston Linux User Group was held Mon, June 5, 2000 at 7PM at RMC. The meeting lasted until about 10:00 PM.

The attendees were:

Bekhit, Nersiana
Conrad-Avarmaa, Brigitte
Crowe, Clayton
Drummond, Mark
Farnell, Cam
Forbes, Kerry
Healy, Art
MacPherson, Alex
Mitton, Douglas
Moulton, Mike
Postill, Rob
Thomas, Matt
Zandbergen, Harry
Rob's Mom and Dad (Sorry, didn't get their names)

Meeting Schedule:
(Monthly, alternating between first Mon and Wed evenings at 7PM. Locations to be determined.)

21 - Mon, Jul. 3 at RMC. 4th Mini-Install Fest! (Changed from original date!)
22 - Wed, Aug. 2 at RMC. Session 3 of 12 - (?)
23 - Wed, Sep. 6 at RMC. Session 4 of 12 - (?)
24 - Mon, Oct. 2 at RMC. 5th Mini-Install Fest!

Summary Of Activities:

- Web page host and domain name - klug.on.ca has been registered (not yet in use).
- Internet presence - Temporary web page at http://signals.rmc.ca/klug.
- Mailing list - klug-subscribe@lists.rmc.ca.

Ideas For Future Meetings:

- 2000 will be mainly dedicated to networking and network security subjects.
- Instructions on how to install Linux distributions.

Agenda/Minutes:

1) Roll Call and Introductions (if required) - See attendees above.

2) This Meeting:

There were 15 attendees at our 10th presentation, "Intrusion Demo", by Rob Postill and Kerry Forbes. We were in our new room tonight as well, G307.

Kerry started the presentation by describing a firewall and its various implementations, and then the ipchains utility used on Linux systems to maintain the firewall. He then described IP masquerading, which is the specific ipchains target used in this demonstration. This part of the presentation described a basic Linux home or small business setup, and it has been used in several of our previous demonstrations. An understanding of these functional and security concepts is very important in setting up your own home network.

Rob then started explaining how to break into a system.
There were 2 separate methods: those involving local access to the network in question, and those involving only remote or internet access. The main point was that if the computer is not physically secured, almost any break-in attempt will be successful. These exploits involve using a boot disk or other local access method to change, add or view passwords on existing accounts, or to add compromised binaries to the system so that future remote accesses result in full access to the target system (a root shell).

Rob then described remote or internet attacks. Besides using ipchains to set up protection, he used the nmap utility to show the various methods of "OS Fingerprinting" and of otherwise determining whether exploits are available on that particular system. In general, exploits take advantage of default or null passwords, misconfigured anonymous FTP servers, poorly written CGI scripts and inappropriate or improperly used network services.

As an example of an actual break-in, they presented a demo of a libtermcap exploit. Taking advantage of the exploit required several steps. First, "human engineering" was used to obtain an account on the system. Then it had to be determined whether the exploit existed. Then some net searches were needed to obtain a script that triggers the stack overflow problem, which was then used to obtain a root shell.

Thanks to Rob and Kerry for a great presentation. If anyone has questions, ask on the mailing list; they may even make available the notes that were handed out at the meeting. There was a great script to implement ipchains security on a firewall.

3) Next Meeting: Mon. Jul. 3 at RMC for our 4th mini-install fest.

4) Socialize / Adjourn