Apr 24 2008
 


ARP attacks are the easiest attacks that can be launched on a network or a server, causing a Denial of Service. One of the things that can be done on the Sun Solaris Operating System is to alter the caching time for the ARP cache, which reduces the time that a rogue ARP entry stays in the ARP table. While this is not foolproof, it can certainly make things that much more difficult for the attacker.

The default time that ARP entries are cached on a Sun Solaris system is 5 minutes.


Mar 19 2008
 

The Solaris Operating Environment is configured by default to both accept and send ICMP Redirect messages. According to the RFCs, only a router or a gateway device should send an ICMP Redirect message, and any other hosts should only be able to receive ICMP Redirects. If the Solaris server is not acting as a router or a gateway, then sending ICMP Redirect messages should be disabled. The same applies to accepting ICMP Redirect messages if the Solaris server is not required to receive them (say, in a scenario where the network or subnets have a single router/gateway), as a malicious hacker could send fake ICMP Redirect messages to modify the routing table on the host and potentially cause a Denial of Service attack.


Mar 19 2008
 

IP packet forwarding is the process of routing packets between network interfaces on one system. A packet arriving on one network interface and addressed to a host on a different network is forwarded to the appropriate interface. While this is a job for the network router, servers with multiple interfaces connected to different networks can perform this action as well. This router behaviour is enabled by default in Sun Solaris Operating Systems.


Jan 24 2008
 

Network File System (NFS) security in Sun Solaris can be enhanced by restricting the source ports for NFS client connections to privileged ports only. The privileged port range is from 512 to 1023. Enabling this security feature for NFS in Solaris makes the server check that the source ports of client connections are privileged ports. This prevents malicious users from gaining access to files exported/shared by the NFS server, because custom RPC-based scripts or applications running on unprivileged ports are refused.


Jan 10 2008
 

The syslog daemon in Solaris is enabled for remote logging by default and will listen on UDP port 514 for syslog messages from remote systems. Unless the server is acting as a remote logging server, this can be a security issue, as a malicious user can launch a Denial of Service (DoS) attack on the server.
