[Clug-tech] Curious how an old machine will handle new threats.
John Jardine
john_e_jardine at spamcop.net
Thu Oct 16 18:07:18 PDT 2008
I've got so much old gear, including routers and switches that I should
be able to isolate that box pretty well.
Shaw gives me 2 IPs and I'm using them both. I do host some services on
my wireline network but my wireless network doesn't host anything. I'll
vector the DMZ to the old computer and then daisy chain another router
in front of wireless network. Kinda like:
DLINK-DVG1120
  + DMZ (486/33c)
  + LINKSYS-WRT54GL
      + Wife's Linux machine (Ubuntu Hardy x86_64)
      + Kids Linux machine (Slackware 12.1 x86)
      + PS3
      + WII
      + N800
      + Cell Phone
      + OLPCs - but they are normally powered off.
Even if the bad guys crack the 486/33c they still have to crack the
WRT54GL before they get to the juicy core of that network:) And even
then, it's all appliances & Linux boxes so it's relatively safe.
The software that's accessible on that machine is:
telnet
ssh
ftp
ntp
I know of flaws in everything except NTP, and I probably just didn't
hear about those:)
Cheers,
J.J.
On Thu, 2008-10-16 at 17:59 -0600, Mark Carlson wrote:
> On Thu, Oct 16, 2008 at 5:37 PM, John Jardine
> <john_e_jardine at spamcop.net> wrote:
> > Ok - boredom got the better of me today and I booted what was my first
> > Linux machine again. The machine is an old Gateway 2000 486/33 16MB
> > 210MB/HDD running Slackware 7. To save you the trouble of looking that
> > up it's kernel 2.2.13, recompiled to my needs.
> >
> > I had not turned it on since 2001. I actually remembered the root
> > password for the box so I was able to log in. There is nothing on this
> > machine that I need so its next stop is the recyclers.
> >
> > So - before I take this to the recyclers I was going to put it on 'The
> > Net'*, as-is, as a honeypot and see how long it takes for the bad guys
> > to find it and crack it. I'll set up another machine as a bridge to
> > capture the traffic.
> >
> > I'm open to suggestions though - what would you do with this dinosaur?
> >
> > BTW: I've got a distribution disk of Slackware 7 if anyone is looking
> > for a copy :P
> >
> > Cheers,
> > J.J.
> >
> > * That reference is about as old as the computer
>
>
> Sounds like fun!
>
> 1. I would make sure to enable either all the services you used to
> use, all the services you're willing to set up, or some combination of
> the two.
>
> 2. Make sure it does not have access to the machines on your home
> network so they aren't attacked from the inside.
>
> 3. Once owned, your machine will most likely be targeting other
> computers on the Internet, making you look hostile... just like
> millions of other computers... but still... don't do this from a
> static IP that you don't want blacklisted anywhere (I'm thinking
> Spamhaus here.)
>
> I'm very interested in how long it takes to get owned, and what gets
> owned first. Web server / web application vulnerability? SSH v1
> vulnerability? There are a lot of possibilities. Perhaps the
> vulnerabilities will be too old to get hit right away.
>
> -Mark C.