2001 04 05

                    LINUX NEWS
              Thursday, April 5, 2001


1) Sean’s Notes

2) Linux News

Ximian Survey
Lion Virus is Out There...
Transgaming CEO on WineX
NSA Linux

3) Linux Resources

Securing DNS with Transaction Signatures
Free IBM Developer's Kit
Put Away the WINE
More Linux Clustering
Why I chose Windows NT over Linux: Not This Time!

4) App o’ the week

1) Sean's Notes
I've mentioned the honeynet project before, but for those
that missed it, it's a collection of well-monitored machines
scattered throughout the Internet just waiting for a cracker
to break in.  Every move is logged, and a team of experts
pores over the traces in order to figure out the latest in
cracking techniques.


What's significant about the above URL is that each month
a trace is posted, with an open challenge to perform an
analysis.  At the end of each month, the experts rank the
solutions and provide their take on it.  Take a peek through
some of the old solutions.  See the ease with which the
system was compromised. There are attacks on both Unix and
Microsoft machines.  Even with the vast resources available
to the software developers, critical bugs still creep in
that can open your system to the world.

For those of you with some time on your hands, try giving
the challenge a shot.  This month, it involves an attack on
an NT IIS server.  I was amazed at how quickly the system
was taken over.

What I found more interesting was trying to determine
what the adversary was thinking.  Since I had the trace, I
could see every typing error, the delay from when he made
a mistake and realized it, and the files that he found
interesting.  Even though I did a pretty bad job of
figuring out how he broke in, I think I did OK trying to
figure out the person behind the keyboard.

While on the security soapbox, I should mention that a
third Linux worm, Adore, has been spotted.


This one uses the three vulnerabilities used in Ramen
(rpc.statd, wu-ftpd, and lpd), and the one used in 1i0n
(named).  As Linux gains in popularity, specifically the
popularity associated with large scale attacks on Linux
boxen, these worms are going to keep on coming and coming.

One problem, I think, is that people become complacent and
assume that their system is secure.  Linux can be just as
insecure as NT or anything else, don't forget that.  The
benefit of Linux (and Unix) is the open nature of the
software.  Fixes come out faster.  The more eyes on the
code, the more likely that the bug will be found by the
good guys first.  Due to the low level at which you work
in Unix, it is easier to confirm that no services are
hanging around, and anomalies show up more easily.

Your best defense is to keep informed, both through web
sites and your own logfiles.

Long live the Penguin,



2) Linux News

Ximian Survey
Ximian, formerly Helix Code, has an online survey for you.
Take five minutes to let them know how you use Linux, and
you could win a DVD player.


Lion Virus is Out There...
Hot on the heels of the Ramen worm is the Lion... This one
goes after known BIND vulnerabilities, and then installs
a rootkit (trojaned binaries, sniffers, etc).  This makes
it harder to detect on your system, and far more dangerous.


Transgaming CEO on WineX
Transgaming is a company that is working on getting Windows
games to work on Linux.  They're doing this by supporting
the WINE project, specifically on DirectX development.
The CEO of the company talks about what the status and
direction is, and also tosses in some wicked screen shots.


NSA Linux
A couple of weeks ago I brought you a couple of links on
the technical aspects of the NSA Linux project.  Here
is a higher level overview of what's happening, and what
the potential benefits are.  Believe it or not, this super
secret spy agency is planning on releasing the code, too!


3) Linux Resources

Securing DNS with Transaction Signatures
BIND has the ability to use Transaction Signatures (TSIGs)
in order to sign DNS requests.  For example, you could set
up your secondary servers so that zone transfers are
authenticated, thus preventing some DNS poisoning attacks.
Read on to find out how this feature works.


Free IBM Developer's Kit
Order up this CD, and get free applications like Domino,
DB2, and WebSphere from IBM.  I just got my CD in last week
so I haven't had a chance to look at the apps, but the
documentation that IBM has put on this CD is amazing.  The
license is only for development, so if you want to roll it
out it'll cost you, but it's a good way to get your feet wet.


Put Away the WINE
Most people think VMWare and WINE when it comes to running
Windows apps under Linux, but this article brings forth some
other contenders. One is an application server, designed for
the corporate environment, the other a cross between WINE
and VMWare, made for the desktop.


More Linux Clustering
The Linux Virtual Server project is designed to allow you
to build large clusters of Linux boxen that act as one, such
as a web server farm.  Ericsson Research studied the scaling
capabilities of the LVS, and gave this report, along with
instructions on the implementation of their test farm.


Why I chose Windows NT over Linux: Not This Time!
While this article is another "How I converted to Linux"
story, it does have a lot of good technical information that
most other stories of its kind don't bother to include.
It's got a procedure to build a Samba PDC, hints on building
an email server, and some other odds and ends.


4) App o' the week
This week's app claims that it is "Sniffing the glue that
holds the Internet together".  This may seem odd until I
mention that it is Ethereal, a network protocol analyzer.
It has a lot of the features you'd expect in a packet
sniffer, and it's free.


(C) 2001 BrainBuzz.com. All Rights Reserved.

