A few thoughts on potenital problems:
Thijs Welman wrote:
Unfortunately i don't have the resources to get an IDS system up and running...
A bare-bones IDS isn't all thet extreme to build, especially if you are only interested in a single network. Debian stable + snort source package from unstable might be your best bet...
regards and tia, Thijs Welman Delft University of Technology the Netherlands ----- [0] My server is running Debian stable with: - linux-2.4.21-ac4 custom compiled kernel without LKM-support - sshd - apache - apache-ssl - php4 - smbd/nmbd (firewalled at the university network border)
NOTE: Ok, firewalled at the network border, but could poorly-secured internal windows machines have been used as a springboard for an attack?
The same goes for the below services, are you sure that all the machines and people on the same side of the firewall are completely trustworthy? This is a big hole if you're only firewalling at the border of your campus network, and have a wide variety of machines out there...
- postfix (not accessible from outside) - bind9 (not accessible from outside) - mysql (firewalled) - proftpd (firewalled) - snmpd (firewalled) - amanda-client from inetd (firewalled) All packages are unmodified releases from Debian stable and, yes, i do update packes from security.debian.org as soon as there are any updates. :)
Was anyone else logged in at the time? Perhaps one of your admins had a weak or compromised password?
--Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: [EMAIL PROTECTED] _________________________________________________________
