Nekochan Net

Official Chat Channel: #nekochan // irc.nekochan.net
It is currently Tue Nov 25, 2014 10:19 pm

All times are UTC - 8 hours [ DST ]


Forum rules


Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.



Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: IRIX security
Unread postPosted: Sat Nov 20, 2010 2:04 am 
Offline
User avatar

Joined: Mon Mar 31, 2008 6:47 am
Posts: 276
Location: Oldenburg, Germany
It's common knowledge that irix isn't exactly the most secure OS on the planet, but when nekonoko was running nekochan.net on his O350s, were there any breakin attempts? Just for curiosity's sake.

_________________
Originally Posted by Tommie
Please delete your post. It is an insult to all the hard work society has put into making you an intelligent being.

Like somebody at AMD said about a decade ago: Benchmarking is like sex. Everybody brags about it, everybody loves doing it and nobody can agree on performance.


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Sat Nov 20, 2010 2:37 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Jan 23, 2003 2:31 am
Posts: 7991
Location: Pleasanton, California
No, not that I'm aware of. As long as you limit which ports/services are exposed and keep your open source components up to date (Apache, PHP, MySQL etc) it's no worse than any other OS.

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Sun Nov 21, 2010 9:39 am 
Offline

Joined: Wed Jul 19, 2006 8:37 am
Posts: 5758
Location: Renton, WA
You can also keep an eye out for the advisories on other vanilla-esque SysV Unices. The good thing about IRIX is that as an open system you can swap in many of the services from an xBSD or GNU system if something comes up. AFAIK there haven't been any core compromises in a while (kernel errors, libc errors, etc.)

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Thu Nov 25, 2010 10:07 pm 
Offline
User avatar

Joined: Wed Jul 13, 2005 9:54 am
Posts: 397
Location: Hillsboro, OR
Well, honestly who is actively looking for IRIX vulnerabilities? And why would they even bother?

_________________
My computers including Alphas, MIPS, PA-RISCs, VAX, and SPARCs.


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Thu Nov 25, 2010 11:14 pm 
Offline
Moderator
Moderator
User avatar

Joined: Mon Jun 06, 2005 9:53 pm
Posts: 2959
Location: USA
mattst88 wrote:
Well, honestly who is actively looking for IRIX vulnerabilities? And why would they even bother?

All you need is one open door, and if compromising a vulnerable IRIX box gets you through that door onto a local net, then it may well be game over. The IRIX box is not necessarily the target, but the vector, and in an age when botnets control cpu power and bandwidth that were once the sole province of governments with supercomputers, adding a probe for a set of IRIX vulnerabilities does not have to be a costly proposition.


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Fri Nov 26, 2010 11:57 pm 
Offline
User avatar

Joined: Mon Nov 12, 2007 8:54 pm
Posts: 1343
Location: Berkeley, CA, USA, NA, Earth, Sol
On the one hand, botnets are a game of scale and volume so at least the operators thereof will be more interested in Windows, Linux variants, and maybe OS X. On the other hand, people concerned with penetrating new and interesting sites will use whatever gets them in the door. In that case targeting more *NIX variants may well be worthwhile, in which case it isn't so much a question of developing new IRIX exploits as keeping old exploits and rootkits on hand. With good OS fingerprinting you can even make sure you're only trying those methods when dealing with that variant.

And yes, if they're renting botnets or have similar resources, they can afford to twist a lot of doorknobs in a lot of different ways. But when you start assuming specific targeting by a party with serious resources, you may be into a different conversation than where the OP started...

_________________
Then? :IRIS3130: ... Now? :O3x02L: :A3504L:- :A3502L: :1600SW:+MLA :Fuel: :Octane2: :Octane: :Indigo2IMP: ... Other: DEC :BA213: :BA123: Sun, DG AViiON, NeXT :Cube:


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Sat Nov 27, 2010 7:56 am 
Offline
User avatar

Joined: Sat Dec 18, 2004 9:21 am
Posts: 301
Location: Stockholm, Sweden
ritchan wrote:
It's common knowledge that irix isn't exactly the most secure OS on the planet, but when nekonoko was running nekochan.net on his O350s, were there any breakin attempts? Just for curiosity's sake.


There is "Trusted IRIX (TIRIX)" for those who needs it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

_________________
SGI Systems: R4K :Indigo:/256MB/XS-24, R5K 150MHz :Indy:/160MB/XL-24, R10K 175MHz :O2:/640MB, R12K 400MHz :Octane2:/Vpro6/1GB & R4K 250 MHz :Indigo2IMP:/128 MB/XZ Extreme/GIO64 FDDI

"It's a UNIX system! I know this! "


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Sat Nov 27, 2010 11:38 am 
Offline
User avatar

Joined: Mon Nov 12, 2007 8:54 pm
Posts: 1343
Location: Berkeley, CA, USA, NA, Earth, Sol
Nihilus wrote:
There is "Trusted IRIX (TIRIX)" for those who needs it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

I don't think there was any secret involved, there are press releases and white papers about it achieving B1/LSPP certification.

Keep in mind that while I'm sure they still support it for paying customers, Trusted IRIX is likely at most in maintenance mode. The Trusted IRIX Security Admin Guide was last updated in 2003, from what I can find. Still, it might help and could be educational to play with anyway if you can find a copy.

_________________
Then? :IRIS3130: ... Now? :O3x02L: :A3504L:- :A3502L: :1600SW:+MLA :Fuel: :Octane2: :Octane: :Indigo2IMP: ... Other: DEC :BA213: :BA123: Sun, DG AViiON, NeXT :Cube:


Top
 Profile  
 
 Post subject: Re: IRIX security
Unread postPosted: Sat Dec 11, 2010 9:09 am 
Offline

Joined: Wed Jul 19, 2006 8:37 am
Posts: 5758
Location: Renton, WA
smj wrote:
Nihilus wrote:
There is "Trusted IRIX (TIRIX)" for those who needs it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

I don't think there was any secret involved, there are press releases and white papers about it achieving B1/LSPP certification.

Keep in mind that while I'm sure they still support it for paying customers, Trusted IRIX is likely at most in maintenance mode. The Trusted IRIX Security Admin Guide was last updated in 2003, from what I can find. Still, it might help and could be educational to play with anyway if you can find a copy.


At this point any IRIX is pretty much in maintenance mode, at least de facto maintenance.

For most people you probably aren't going to get too much out of TIRIX that you don't get out of regular IRIX with all the security patches (and a good security setup).

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group