Nekochan Net

Just wanted to ask if anyone has noticed any security intrusions or virus (etc) on their Irix Platforms these days?

I have my platforms sitting behind a straightforward Netgear Router/Firewall and have not noticed anything attempting to cause problems. Did use to run IPFilter, but have been running without that for a while and not noticed anything at all.

Have to admit, most of the time I am running Irix 6.2, but also 6.5.22 and even 5.3 and have not noticed any real issues.

Have I been lucky, or is Irix/Unix as a target for virus etc no longer of interest to attack?

I suspect that a little of it is luck and a little of it is nobody cares enough to hack the platform anymore.. However I think some generic attacks against Linux, etc would also work against IRIX so its just not worth the risk...

However..

http://www.nekochan.net/wiki/IRIX_6.5.22#Security

Maybe "Security" is worthy of a wiki topic in itself... Given physical access to the machine, its a 2 minute job, and some attacks are just fun to muck about with...

http://www.nekochan.net/wiki/Root_passw ... es_in_IRIX

R.

_________________
死の神はりんごだけ食べる

アレゲはアレゲ以上のなにものでもなさげ -- アレゲ研究家


J5600, 2 x Mac, 3 x SUN, Alpha DS20E, Alpha 800 5/550, 3 x RS/6000, Amiga 4000 VideoToaster, Amiga4000 -030, 733MHz Sam440 AmigaOS 4.1 update 1. Tandem Himalaya S-Series Nonstop S72000 ServerNet.

Sold:

Cortex ---> http://www.facebook.com/pages/Cortex-th ... 11?sk=info
Minnie ---> http://www.facebook.com/pages/Minnie-th ... 02?sk=info
Book ----> http://pymblesoftware.com/book/
Github ---> https://github.com/pymblesoftware
Visit http://www.pymblesoftware.com
Search for "Pymble", "InstaElf", "CryWhy" or "Cricket Score Sheet" in the iPad App store or search for "Pymble" or "CryWhy" in the iPhone App store.

Irix has the reputation as an insecure operating system. The reason for that is the very insecure default installation of Irix, with open user accounts and web servers. In my experience Irix can be very secure, if you know what you are doing. I used Irix in the past for several Internet services without any problem. We simply forget a Challenge S running Irix 6.2 as a nameserver accessible from the Internet. It was running for more than 5 years without any administration and never get hacked. Today I still use the Internet with my Irix computers behind a router configured with NAT and I have no problems at all.

_________________

I'd like to add a pedantic note on the use of 'virus'... To me, this means a small program hiding inside another program. It's rather often used for a lot of other things like web browser exploits and whatnot these days (meaning since the mid 90's or something diluting the term. I guess it's like 'hacker'... Sticks in the eye a bit on this forum.

I read a paper once about how ELF binary file viruses were, in theory, possible; but such a thing is probably quite rare.

As for IRIX vulnerabilities, my octane is directly connected to the internet via ipv6 (ipv4 is NAT'd due to other constraints) and I've had no known security breaches; but then that's the trick with security breaches, isn't it.

_________________
halo, octane
N.B.: I tend to talk out of my ass. Do not take it too seriously.

viruses as a technology are simply more applicable to a 1980s scenario where people share programs via floppy disks. they have been supplanted as an active security threat by more advanced tools that can spread through the network, like worms, rootkits, shellcode, etc. not in any way related to binary formats.

_________________

yeah, viruses are totally a thing of the past especially given how things like e-mail, ftp, scp, http, torrent, etc, make the distribution of binaries such a hassle.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

thanks for making my point. except for email (with which I have never sent or received an executable) those all centralize either the storage of packages or at least their fingerprints. to inject code into a computer system today requires the use of remote exploits, something that was never an issue for 1980s virus writers.

_________________

I assume that if your perception was correct, viruses would have died off with DOS and the floppy. But they did not, the opposite in fact.

_________________
"Was it a dream where you see yourself standing in sort of sun-god robes on a
pyramid with thousand naked women screaming and throwing little pickles at you?"

It all depends on which services you expose to the internet.

A firewalled IRIX machine with no open ports is going to be impossible(*) to crack from the internet, but you must realize that IRIX 6.5 was introduced in 1998, and even IRIX 6.5.30 is some 7 years old now. This is ancient history in internet time.

IRIX 6.5.30 installation comes with OpenSSL 0.9.7e and OpenSSH 3.0p1. You could install IRIX Patch 7246 (OpenSSH security patch, 14-Apr-2011), and IRIX Patch 7217 (OpenSSL security patch, 09-Sep-2008), but a quick look HERE will show you how many OpenSSL vulnerabilities were reported since (and that doesn't include OpenSSH vulnerabilities).

Last patches to 'named' were in November 2009. I don't run bind on my IRIX systems, but it's probably some obsolete 8.x version. Again, many, many issues.

Ditto for just about any other service (apache, ftpd, ...)

While the system is vulnerable, there's most likely nobody left that bothers to write exploit code for IRIX system anymore. This is called security through obscurity

So, my advise: if you want to run an IRIX system as an internet server, compile your server software from (current) source code, and firewall everything else. I believe this is what Pete did as well, back when he ran Nekochan on an Origin 350.

(*) Unless there's a bug in the firewall.

_________________
Now this is a deep dark secret, so everybody keep it quiet
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi
Currently in commercial service: (2x)
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)

it is not necessarily safe to rely on only a firewall for security. in the case of vulnerable user agent software, simply causing the client to request a malicious resource can open a vulnerability. One prominent example for many years has been Adobe Acrobat. there are many other examples of overflows, etc, in client software that can be exploited by tricking the client to fetch malicious content.

_________________

Or do not expose it directly to the internet, I use a proxy (a linux box) myself, which I hardened pretty good. But again, IRIX has never claimed to be about security, even "trusted IRIX" doesn't give more security, just compartimentation and other few things the military needs. I've ran it for a few, it's not all useful really.

_________________

That's a good way to go about it. What I do: squid proxy on a hardened linux box with one ip facing the Internet and one ip facing my internal lan. The linux box listens to internal lan requests only and silently drops any outside requests. In addition, I've done the basic recommended Irix hardening.
If you want to see what your Internet security profile looks like, ShieldsUP (https://www.grc.com/x/ne.dll?bh0bkyd2) is a website that will scan your Internet connection for security vulnerabilities and report it's findings to you. Before you decide to use it, note the disclaimer on their web page:

_________________
asterix - R16K 700 MHz, V10, 2 GByte ram
speedracer - Dual R14k 600 MHz, V12, 2 GByte ram
moosehead - R12k 400 MHz, 768 MByte ram
Ox - R5k 300 MHz, 224 MByte ram
ryoko - R5k 180 MHz, 128 MByte ram
[ -] stingray - Macintosh IIci