Only since I started reading the linux documentation and using it finaly on my pc, I se that folks can access your computer while your surfing the internet. In very brief terms, how is it done? can hackers just pick and choose in someway pc's that are on line and gain access ? Interesting concept. Course this is probly why disros come with personal firewalls for home users i guess. and I guess ill probably set up the firewall when I know what im doing in the coming weeks.

as far as i know you can only access computers that are running a ssh or telnet server. and i know if you tried to run one of those in winblowz 9x you would get hacked...that is, if you could even run one.
imagine a dos shell over the internet. that would be ****ed up

Originally posted by onthaturn:
<STRONG>Only since I started reading the linux documentation and using it finaly on my pc, I se that folks can access your computer while your surfing the internet. In very brief terms, how is it done? can hackers just pick and choose in someway pc's that are on line and gain access ? Interesting concept. Course this is probly why disros come with personal firewalls for home users i guess. and I guess ill probably set up the firewall when I know what im doing in the coming weeks.</STRONG>


It depends on what services you have running.
Linux allows you to run more stuff on your box than a regular windows install (because its primarily a server) however, it is also generally more secure. More windows boxen are fuxored by skriptkiddies than *nix boxes... so I think you're safe.

I think the ftp service - especially wu-ftp is extremely unsecure.

In RH 7.1, it is turned off by default.. but I think that in prior versions it is enabled by default..

Id look at the that as well.

Wrong, anyone who falls into this "Services=hacks" mentality will love a Windows box. It has no services running. You exploit a buffer overflow due to bad coding, and you setup a backdoor that the user never sees, through Outlook, Internet Explorer, or anything else that connects to the internet.

This is especially easy on Windows, since most of the time, you have no idea what's going on with your system. And it's also much easier b/c if you hack a Windows system, I have access to the whole system meaning logs, system files, etc. But if I hack Linux, I also have to gain root, or everything I do is being logged and I have no real power.

[ 24 October 2001: Message edited by: subnet_rx ]

It doesn't have to be ssh or telnet. Any service that opens any port to the world has the possiblility of getting your system compromised. A firewall isn't complete protection, it's only part of the protection. You need to keep your system updated at all times whenever patches come out.

How is it done? There are many ways of breaking into a system. You have two options. Basically you can either learn the technology that you want to exploit inside out, or you can download a canned cracking program and use it blindly. Here's a hint, option one will gain you more respect. The following links should provide further insight into this topic:
http://www.securityfocus.com http://www.packetstormsecurity.org http://www.rfc-editor.org/ http://www.linuxsecurity.com http://www.phrack.org

I'm moving this thread to the Security Forum.