Security in Puppy Linux: running as Root

For discussions about security.
Message
Author
tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA
Contact:

#41 Post by tlchost »

nooby wrote: What then do you know about what snayak
asks us about the IRC channel. I had same experience
as him and a guy told me that "I will kill you" and him
living just 30 minutes by car from me that scared the hell out of me.

And this where the Puppy channel on IRC. So I never used it again.
Unless you ask the freenode folks to cloak your account, anyone can see your IP address when you are on IRC....and from that, it's possible to determine your location.

So, you can log into the #freenode channel and ask that you be given a cloak...once you have one, you IP addess does not show up.

If you are on IRC and someone threatens you, you can submit a complaint....the Freenode staff takes threats seriously and will help you.

If you take steps to understand how the technology works, you have a better chance of protecting yourself.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#42 Post by nooby »

tlchost wrote:...
If you are on IRC and someone threatens you, you can submit a complaint....the Freenode staff takes threats seriously and will help you.

If you take steps to understand how the technology works, you have a better chance of protecting yourself.
thanks for this assurance. Now I am not that bright that I can do that.
"If you take steps to understand how the technology works"

I just use my computer I know very little about the software.
I know a bit more about the hardware but that is not so much either.
I use Google Search on Puppy Forum
not an ideal solution though

tlchost
Posts: 2057
Joined: Sun 05 Aug 2007, 23:26
Location: Baltimore, Maryland USA
Contact:

#43 Post by tlchost »

nooby wrote:
thanks for this assurance. Now I am not that bright that I can do that.
"If you take steps to understand how the technology works"
If you say so....I doubt it.

snayak
Posts: 422
Joined: Wed 14 Sep 2011, 05:49

#44 Post by snayak »

@tlchost
If you say so....I doubt it.
May be nooby is saying on behalf of common men. I salute.

I have suggested some idea on banking security.
http://murga-linux.com/puppy/viewtopic. ... 382#662382

I know, nooby is going to kill me for I said in the above post, I am convinced of using puppy as root. ;-) I really mean, non-root still can impose some security threat and we still can improve our security as root too.

For the ideas, thanks are due to 666Philb.

Sincerely,
Srinivas Nayak
[Precise 571 on AMD Athlon XP 2000+ with 512MB RAM]
[Fatdog 720 on Intel Pentium B960 with 4GB RAM]

[url]http://srinivas-nayak.blogspot.com/[/url]

gcmartin

IRC - A problem ???

#45 Post by gcmartin »

snayak wrote: ... For the ideas, thanks are due to 666Philb. ...
I AM NOT an IRC user, nor am I an expert on IRC security exposures.

But, as I do understand how information is transported over the net, ALL methods require an origination and destination address. REQUIRED for Internet transport. Further, applications requests and use ports as a means of identifying who they are talking to.

Any public IP address is suppose to be a REGISTERED IP address. That is to say that some location, ISP, vendor, corporation, or person, has paid and owns an IP address range that has a physical location address associated.

So, for example, in many cases, the IP address that is assigned for use via your ISP (the internet on-ramp you are using) has a physical location associated; sometimes its the ISP's. That IP address can be looked up and the physical address can be shown to anyone interested. Also, if you have an IP address, you "can" ask your ISP to identify it physically, and they will.

Some ISP, maybe even yours, registers or assigns your physical address with the IP address you are given for internet use.

Are you exposed...my initial response is NO! And, I need not go into the reasons why,

Could you get infected...maybe...but, I would guess if this were a common problem, it would have been identified and addressed many years ago. IRC has been around that long.

Lastly, you have already identified one approach. Be cautious of the items you personally would download that would expose critical information.

But, you may be on to something and YOU MAY BE ABLE TO HELP THIS COMMUNITY ADDRESS IT, if so.

Here to help

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#46 Post by Q5sys »

snayak wrote:Dear All,

Thanks to gcmartin for his nice post. I too was not bothered about security till last month.

Last month I started using IRC. Soon I found that somebody caught me and said, why are you using irc as root? I was surprised. He immediately told me my residence address. I was afraid! I thought, he started tracking me. I immediately closed my chat and never going back to irc, with a fear. :-(

So, came and ask here. Immediately got a reply that, don't use puppy! I must say sorry to our friend gposil. In this connection, I shall be happy to say that, puppy, itself is a virus, that does not affect computers but affects humans and that to affects mind. I am infected by puppy, and can you please advice, how can I leave it? Now, I shall blame puppy, who taught me about irc. I recently get to know about irc from attym chat that comes with puppy! :-D

Lets say, I will use irc as root with puppy's firewall, I shall not run any bots/scripts from others, I shall not accept any files from others, I shall not use any irc commands without knowing what it does, shall not use the advices others may give over irc, can anybody still can be an intruder to my pc and steal private informations?

I mean, following all the good practices for security, is there still a chance that one can intrude?

Sincerely,
Srinivas Nayak
I wouldnt worry that much about IRC. Yes it broadcasts your IP address, but thats the way IRC works. That in itself isnt a vulnerability or threat. However your IP address along with tons of other information you post about yourself online can add up to a threat... IF... someone really wanted to get you. You've got to stop and ask yourself, (no disrespect intended) but are you really worth someone's effort to go out of their way to go after?

I'd say you're more at risk by what you post online. I'm going to guess you were using this same screen name. If so... some one could google search it (after all your name is unique). Once they google search it they'd find your posts here. So they'd know you run puppy linux. Anyone researching Puppy LInux would find out everything runs as root... so he wouldnt need an IRC vulnerability to find that out.
Of course if he's on this forum then he can see your signature. Which would lead whoever to know your real name, where you work, what you do, etc.
All of which is way more information than the IP address your IRC client is revealing.

If you are worried for personal safety, think a bit more about what you post on the internet. If someone was wanting to come after you... that information would be far more valuable than your irc client.

But to be clear... I dont think anyone is out to get you. :)

Post Reply