I've been an Ubuntu user for 10 years and was astonished to learn today
that iptables just lets everything through by default on Ubuntu desktop.
I'm a grad student in a CS department at a university, and had to learn
this the hard way after one of the desktop machines in our lab was
compromised.

In our case, the breach was a result of three layers of failure:

1. Some past owner of the machine let Docker listen on 0.0.0.0:2375.
This is a really bad idea because it gives root access to anyone on the
same network, but unfortunately there are people on the web that
recommend doing this without explaining the ramifications. For instance,
here is someone recommending this as a workaround for a minor
configuration issue in the default Docker install, which could easily be
resolved without listening on a public interface:
https://gist.github.com/styblope/dc55e0ad2a9848f2cc3307d4819d819f

2. This insecure default could have been caught by an OS firewall, but
unfortunately the FW was disabled by default.

3. Even the above two holes could have been made slightly less severe
with NAT, or firewalling at the university level, but unfortunately our
university assigns every ethernet-connected machine a public IP and
allows all traffic in by default (except port 22, because 'security').

The machine was in this configuration for years until the campus
intrusion detection system noticed some suspicious traffic to the
machine, which prompted our discovery of the three issues above.

Hopefully it's clear from my explanation that the problem here was not
just UFW. Docker should never have been configured to listen on a public
interface. The university should probably not be letting random inbound
traffic to desktop machines by default (or should at least clearly
communicate that this is the case). The person who set up the desktop
should have realized they had to enable a firewall.

Nevertheless, I'm sharing this anecdote to illustrate that even fairly
sophisticated users can easily get burned by insecure configurations.
Having no firewall enabled by default makes this worse. The desktop in
this story was previously used by a research engineer and then a CS PhD
student. If they can't get it right, then what hope does the average
Ubuntu user have?

I'm sympathetic to the concerns raised above about unexpected config
changes. It would be unacceptable if an apt upgrade suddenly brought
down a web server or cut off ssh access. However, I expect there are
ways that the majority of Ubuntu users could be protected without
hurting running systems. For instance, you could enable ufw by default
in the Ubuntu Desktop install media.

------

Addendum: you may think "hah, what idiot would open up a remote root
access hole on 0.0.0.0?" Unfortunately, I've seen this as the *default*
configuration for lots of software that really has no need to listen on
public interfaces. The worst was a somewhat-popular scientific
visualization tool that had no authentication and allowed for remote
code execution by design. It's surprising how many developers don't
realize what a terrible idea this is, and ultimately their users suffer
for it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/382938

Title:
  ufw should be enabled by default

Status in ufw:
  Invalid
Status in ufw package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: ufw

  ufw should be enabled by default in Ubuntu.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/382938/+subscriptions
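A defender's check for the first two failures described in the comment above, added here as an example and not part of the bug thread: it parses `ss -ltn` output (constructed samples are embedded) and flags any Docker API listener on port 2375 that is not bound to loopback, then reports whether ufw is active. Function names are hypothetical; `audit_host` only runs `ss` and `ufw` on a live host.

```shell
#!/bin/sh
# Added example (not from the bug thread): find Docker API listeners that
# are reachable from the network, and check that the host firewall is on.
# Helper names are hypothetical; the ss output below is constructed.

# Constructed `ss -ltn` output for a host in the misconfigured state.
SAMPLE_EXPOSED='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       4096    0.0.0.0:2375         0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       4096    [::]:22              [::]:*'

# The same host after binding the daemon to loopback only.
SAMPLE_FIXED='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       4096    127.0.0.1:2375       0.0.0.0:*
LISTEN  0       4096    [::]:22              [::]:*'

# Reads ss output on stdin; prints each port-2375 listener whose local
# address is anything other than IPv4/IPv6 loopback (wildcards included).
exposed_docker_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)     # everything before it
        if (port == "2375" && host != "127.0.0.1" && host != "[::1]")
            print $4
    }'
}

# Number of exposed Docker listeners in a given ss dump.
count_exposed() {
    printf '%s\n' "$1" | exposed_docker_listeners | wc -l | tr -d ' '
}

# Live check for a real host: report exposure and whether ufw is active.
audit_host() {
    found=$(ss -ltn 2>/dev/null | exposed_docker_listeners)
    if [ -n "$found" ]; then
        echo "WARNING: unauthenticated Docker API reachable on: $found"
        echo "  bind the daemon to unix:// or 127.0.0.1 instead"
    fi
    if ! ufw status 2>/dev/null | grep -q '^Status: active'; then
        echo "WARNING: ufw is not active; consider:"
        echo "  sudo ufw default deny incoming && sudo ufw enable"
    fi
}
```

Run `audit_host` as root on a desktop to get both warnings at once; a LAN address such as 10.0.0.5:2375 is flagged just like the wildcard, since only loopback is treated as safe.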