Nekochan Net


All times are UTC - 8 hours


Posted: Sun Jun 03, 2012 6:59 pm

Joined: Wed Jan 13, 2010 12:10 am
Posts: 156
Location: Australia
Just wanted to ask if anyone has noticed any security intrusions or virus (etc) on their Irix Platforms these days?

I have my platforms sitting behind a straightforward Netgear Router/Firewall and have not noticed anything attempting to cause problems. Did use to run IPFilter, but have been running without that for a while and not noticed anything at all.

Have to admit, most of the time I am running Irix 6.2, but also 6.5.22 and even 5.3 and have not noticed any real issues.

Have I been lucky, or is Irix/Unix as a target for virus etc no longer of interest to attack?


Posted: Sun Jun 03, 2012 7:33 pm

Joined: Tue Jul 15, 2008 4:48 pm
Posts: 1887
Location: P.O. Box 121, Pymble, Sydney, NSW 2073, Australia.
I suspect that a little of it is luck and a little of it is nobody cares enough to hack the platform anymore... However, I think some generic attacks against Linux, etc. would also work against IRIX, so it's just not worth the risk...

However..

http://www.nekochan.net/wiki/IRIX_6.5.22#Security

Maybe "Security" is worthy of a wiki topic in itself... Given physical access to the machine, it's a 2 minute job, and some attacks are just fun to muck about with...

http://www.nekochan.net/wiki/Root_passw ... es_in_IRIX

R.

_________________
Gods of death eat only apples

Always close the parentheses you open -- a programmer

:Tezro: :Tezro: :Onyx2R: :Onyx2RE: :Onyx2: :O3x04R: :O3x0: :O200: :Octane: :Octane2: :O2: :O2: :Indigo2IMP: :PI: :PI: :1600SW: :1600SW: :Indy: :Indy: :Indy: :Indy: :Indy:
:hpserv: J5600, 2 x Mac, 3 x SUN, Alpha DS20E, Alpha 800 5/550, 3 x RS/6000, Amiga 4000 VideoToaster, Amiga4000 -030, 733MHz Sam440 AmigaOS 4.1 update 1.

Sold: :Indy: :Indy: :Indy: :Indigo: Tandem Himalaya S-Series Nonstop S72000 ServerNet.

@PymbleSoftware
Cortex ---> http://www.facebook.com/pages/Cortex-th ... 11?sk=info
Minnie ---> http://www.facebook.com/pages/Minnie-th ... 02?sk=info
Book ----> http://pymblesoftware.com/book/
Github ---> https://github.com/pymblesoftware
Visit http://www.pymblesoftware.com
Search for "Pymble", "InstaElf", "CryWhy" or "Cricket Score Sheet" in the iPad App store or search for "Pymble" or "CryWhy" in the iPhone App store.


Posted: Mon Jun 04, 2012 12:48 am

Joined: Tue Nov 17, 2009 2:08 am
Posts: 188
Location: Hamburg, Germany
Irix has the reputation of an insecure operating system. The reason for that is the very insecure default installation of Irix, with open user accounts and web servers. In my experience Irix can be very secure, if you know what you are doing. I used Irix in the past for several Internet services without any problem. We simply forgot a Challenge S running Irix 6.2 as a nameserver accessible from the Internet. It was running for more than 5 years without any administration and never got hacked. Today I still use the Internet with my Irix computers behind a router configured with NAT and I have no problems at all.

_________________
:Tezro: :Fuel: :Octane2: :Octane: :Onyx2: :O2+: :O2: :Indy: :Indigo: :Cube:


Posted: Mon Jun 04, 2012 8:55 pm

Joined: Mon Oct 27, 2003 5:22 pm
Posts: 430
Location: Jakobstad, Finland
I'd like to add a pedantic note on the use of 'virus'... To me, this means a small program hiding inside another program. It's rather often used for a lot of other things like web browser exploits and whatnot these days (meaning since the mid 90's or something :-) diluting the term. I guess it's like 'hacker'... Sticks in the eye a bit on this forum.

I read a paper once about how ELF binary file viruses were, in theory, possible; but such a thing is probably quite rare.

As for IRIX vulnerabilities, my octane is directly connected to the internet via ipv6 (ipv4 is NAT'd due to other constraints) and I've had no known security breaches; but then that's the trick with security breaches, isn't it.

_________________
:Octane: halo, octane
N.B.: I tend to talk out of my ass. Do not take it too seriously.


Posted: Mon Jun 04, 2012 9:58 pm

Joined: Mon Sep 12, 2011 1:28 pm
Posts: 479
Location: Boston
viruses as a technology are simply more applicable to a 1980s scenario where people share programs via floppy disks. they have been supplanted as an active security threat by more advanced tools that can spread through the network, like worms, rootkits, shellcode, etc. not in any way related to binary formats.

_________________
:PI: :O2: :Indigo2IMP: :Indigo2IMP:


Posted: Tue Jun 05, 2012 10:57 am

Joined: Mon Nov 15, 2004 10:36 pm
Posts: 1837
Location: Nor Cal
robespierre wrote:
viruses as a technology are simply more applicable to a 1980s scenario where people share programs via floppy disks. they have been supplanted as an active security threat by more advanced tools that can spread through the network, like worms, rootkits, shellcode, etc. not in any way related to binary formats.


yeah, viruses are totally a thing of the past especially given how things like e-mail, ftp, scp, http, torrent, etc, make the distribution of binaries such a hassle. :)

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"


Posted: Tue Jun 05, 2012 11:23 am

Joined: Mon Sep 12, 2011 1:28 pm
Posts: 479
Location: Boston
thanks for making my point. except for email (with which I have never sent or received an executable) those all centralize either the storage of packages or at least their fingerprints. to inject code into a computer system today requires the use of remote exploits, something that was never an issue for 1980s virus writers.

_________________
:PI: :O2: :Indigo2IMP: :Indigo2IMP:


Posted: Tue Jun 05, 2012 1:10 pm

Joined: Mon Nov 15, 2004 10:36 pm
Posts: 1837
Location: Nor Cal
I assume that if your perception was correct, viruses would have died off with DOS and the floppy. But they did not, the opposite in fact.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"


Posted: Wed Jun 06, 2012 3:25 am

Joined: Thu Jun 17, 2004 10:35 am
Posts: 3769
Location: Wijchen, The Netherlands
It all depends on which services you expose to the internet.

A firewalled IRIX machine with no open ports is going to be impossible(*) to crack from the internet, but you must realize that IRIX 6.5 was introduced in 1998, and even IRIX 6.5.30 is some 7 years old now. This is ancient history in internet time.

IRIX 6.5.30 installation comes with OpenSSL 0.9.7e and OpenSSH 3.0p1. You could install IRIX Patch 7246 (OpenSSH security patch, 14-Apr-2011), and IRIX Patch 7217 (OpenSSL security patch, 09-Sep-2008), but a quick look HERE will show you how many OpenSSL vulnerabilities were reported since (and that doesn't include OpenSSH vulnerabilities).

Last patches to 'named' were in November 2009. I don't run bind on my IRIX systems, but it's probably some obsolete 8.x version. Again, many, many issues.

Ditto for just about any other service (apache, ftpd, ...)

While the system is vulnerable, there's most likely nobody left that bothers to write exploit code for IRIX systems anymore. This is called security through obscurity :D

So, my advice: if you want to run an IRIX system as an internet server, compile your server software from (current) source code, and firewall everything else. I believe this is what Pete did as well, back when he ran Nekochan on an Origin 350.

(*) Unless there's a bug in the firewall.

_________________
Now this is a deep dark secret, so everybody keep it quiet :)
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi

Currently in commercial service: :Onyx2:(2x) :O3x02L:
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)


Posted: Wed Jun 06, 2012 6:58 am

Joined: Mon Sep 12, 2011 1:28 pm
Posts: 479
Location: Boston
it is not necessarily safe to rely on only a firewall for security. in the case of vulnerable user agent software, simply causing the client to request a malicious resource can open a vulnerability. One prominent example for many years has been Adobe Acrobat. there are many other examples of overflows, etc, in client software that can be exploited by tricking the client to fetch malicious content.

_________________
:PI: :O2: :Indigo2IMP: :Indigo2IMP:


Posted: Wed Jun 06, 2012 7:20 am

Joined: Wed Feb 19, 2003 1:54 pm
Posts: 966
Or do not expose it directly to the internet, I use a proxy (a linux box) myself, which I hardened pretty good. But again, IRIX has never claimed to be about security, even "trusted IRIX" doesn't give more security, just compartmentation and other few things the military needs. I've run it for a few, it's not all useful really.

_________________
:Onyx2:


Posted: Thu Jun 07, 2012 3:52 pm

Joined: Sat Oct 15, 2011 1:10 pm
Posts: 70
Location: Garland Texas, USA
mia wrote:
Or do not expose it directly to the internet, I use a proxy (a linux box) myself, which I hardened pretty good. But again, IRIX has never claimed to be about security, even "trusted IRIX" doesn't give more security, just compartmentation and other few things the military needs. I've run it for a few, it's not all useful really.


That's a good way to go about it. What I do: squid proxy on a hardened linux box with one ip facing the Internet and one ip facing my internal lan. The linux box listens to internal lan requests only and silently drops any outside requests. In addition, I've done the basic recommended Irix hardening.
If you want to see what your Internet security profile looks like, ShieldsUP (https://www.grc.com/x/ne.dll?bh0bkyd2) is a website that will scan your Internet connection for security vulnerabilities and report its findings to you. Before you decide to use it, note the disclaimer on their web page:
Quote:
Your use of the Internet security vulnerability profiling services on this site constitutes your FORMAL PERMISSION for us to conduct these tests and requests our transmission of Internet packets to your computer. ShieldsUP!! benignly probes the target computer at your location. Since these probings must travel from our server to your computer, you should be certain to have administrative right-of-way to conduct probative protocol tests through any and all equipment located between your computer and the Internet.

_________________
:Fuel: asterix - R16K 700 MHz, V10, 2 GByte ram
:Octane2: speedracer - Dual R14k 600 MHz, V12, 2 GByte ram
:O2: moosehead - R12k 400 MHz, 768 MByte ram
:O2: Ox - R5k 300 MHz, 224 MByte ram
:Indy: ryoko - R5k 180 MHz, 128 MByte ram
[ -] stingray - Macintosh IIci
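
Added example, not part of the thread or written by any poster: a local check for the two points made above, that exposure depends on which services listen, and that a proxy should be bound to the internal LAN only. It parses `netstat -an` text and lists sockets bound to the wildcard or a non-internal address. The BSD-style `address.port` layout, the sample lines, and the 192.168.1.0/24 LAN range are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in BSD-style `netstat -an` layout (address.port); not
# captured from a real host. Addresses and ports are illustrative.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.6000         *.*                    LISTEN
tcp        0      0  192.168.1.1.3128       *.*                    LISTEN
tcp        0      0  203.0.113.7.80         *.*                    LISTEN
tcp        0     48  192.168.1.1.22         192.168.1.20.51514     ESTABLISHED
udp        0      0  *.53                   *.*
udp        0      0  192.168.1.1.123        *.*
"""

def split_endpoint(endpoint):
    """Split BSD 'addr.port' on the last dot; '*' means every interface."""
    addr, _, port = endpoint.rpartition(".")
    return addr, port

def exposed_listeners(netstat_text, internal_nets):
    """Return (proto, addr, port) for sockets reachable from outside the LAN."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # headers, blank lines, other socket families
        proto, local, foreign = f[0], f[3], f[4]
        state = f[5] if len(f) > 5 else ""
        # TCP servers show LISTEN; unconnected UDP sockets show no state and
        # a wildcard peer.
        listening = state == "LISTEN" or (proto.startswith("udp") and foreign == "*.*")
        if not listening:
            continue
        addr, port = split_endpoint(local)
        if addr != "*":
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or any(ip in n for n in nets):
                continue  # bound to loopback or the internal LAN only
        findings.append((proto, addr, port))
    return findings

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE, ["192.168.1.0/24"]):
        print(f"{proto:4} {addr}:{port} is reachable from outside unless the firewall blocks it")
```

Every socket this reports is one the firewall alone is protecting; rebinding the service to the internal address or disabling it removes that dependency.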

