On Sun, Aug 29, 2004 at 11:04:18AM +0000, [EMAIL PROTECTED] wrote:

> I can only guess that they got in because I screwed up while doing a
> few little experiments and forgot to turn the firewall back on.
>
> The couple other systems that are currently active on my network are
> running 98SE at this time with ZA Pro and AVG Antivirus, so they
> haven't been violated. My workstation is currently the only Linux box
> in the house, and has a direct connection to the Internet, whereas
> all other systems are going through one of the other 98 Boxes set up
> with Internet Connection Sharing (nice having both an Ethernet port
> and a USB port on the cable modem and having 2 IP addresses...)
>
> As for the other questions, I have no idea, since I wiped the entire
> system already.

I suspected this. I didn't recommend any forensics since you seemed to want
to get back up in the saddle asap. Would have been nice to know, but no
worries now.

> Too late for that now. I already did the reinstall, and am
> troubleshooting some other issues, which I will save for either a
> different post, or for further down in this message. My top priority
> is getting back up and operational. Thankfully, I have a couple other
> systems I can work with online while I do these fixes (DOS 6.22 and
> WfW 3.11 is quite the screamer on a P-120 with 64MB RAM) :D

Woo joo...I have gots to get me some of that hot technology...:)

> It is also not too likely that the incident will be repeated, since
>
> A: Guard Dog Firewall gets activated at boot
> B: At the moment, Mepis can't seem to detect the NICs on my MB.

Just make sure you stay up on your updates, and as I recommended, run a
host-based and network IDS. Think of the firewall as a fixed fortification.
Any fortification can be gone over, around or battered down with enough time
if there are no watchers on the gate. Remember the Maginot Line in France...

> I suspect the NIC issue probably has something to do with how the
> permissions were set when I transferred /tmp /root /usr /usr/local
> /var /opt and /home to their own dedicated partitions. I suppose I
> should reboot yet again with the Mepis CD and have a look at how they
> are supposed to be set.

One thing to check on this, do a chmod 1777 /tmp and check your ownership.
That one thing will transparently break a boatload of stuff.

> Here is the scheme I went with:
>
> /dev/hda
>
> /          3GB
> swap       2GB
> /tmp       1GB
> /root      1GB
> /opt      10GB
> /var       3GB
> /usr      20GB
> /usr/local 35GB

I don't know how fluid your drive space needs are (though I could see your
needs changing fairly often), but you also might want to consider running
Logical Volume Manager (LVM). It abstracts hard drive structure and allows
you to create volume groups and logical volumes.

The best part about this is that you can resize partitions on the fly,
literally without unmounting the filesystem. I do a lot of video work, and
have extended the partition on which I was recording a movie off of cable,
without interrupting recording. It's something that would allow you to
allocate your filesystems efficiently without wasting a bunch of space, and
to reallocate should your needs change.

--Brad

> /dev/hdb
>
> /home      3GB
> /shared    8GB
> /workspace 2GB
>
> Well, back to troubleshooting...

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
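Brad's "chmod 1777 /tmp and check your ownership" advice, as an added shell audit that is not part of the thread: it checks a directory that was moved to its own partition for the sticky bit, world-writability and the expected owner (assumed to be root unless a second argument is given), and reports what to run if anything is off.

```shell
# Added example, not from the thread: audit a shared scratch directory
# such as /tmp after it has been moved to its own partition. /tmp must be
# mode 1777 and owned by root; this reports each deviation and the fix,
# and returns 0 only when everything is as expected.
#
# Usage: check_tmp_dir DIR [EXPECTED_OWNER]   (EXPECTED_OWNER defaults to root)
check_tmp_dir() {
    dir="$1"
    want_owner="${2:-root}"
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory"
        return 1
    fi
    # Portable parse of `ls -ld`: field 1 is the mode string, field 3 the owner.
    # Positional parameters are local to the function, so `set --` is safe here.
    set -- $(ls -ld "$dir")
    mode="${1%[+@.]}"      # drop a trailing ACL/xattr/SELinux marker, e.g. "drwxrwxrwt+"
    owner="$3"
    rc=0
    # Sticky bit (the leading "1" in 1777): without it any user can delete or
    # rename other users' temp files, which both breaks and exposes software.
    case "$mode" in
        *[tT]) ;;
        *) echo "$dir: sticky bit not set (mode $mode)"; rc=1 ;;
    esac
    # World-writable (the last "7"): otherwise unprivileged programs cannot
    # create temp files at all, which is the "boatload of stuff" that breaks.
    case "$mode" in
        ????????w?) ;;
        *) echo "$dir: not world-writable (mode $mode)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_owner" ]; then
        echo "$dir: owned by $owner, expected $want_owner"
        rc=1
    fi
    if [ "$rc" -ne 0 ]; then
        echo "fix: chown $want_owner $dir && chmod 1777 $dir"
    fi
    return "$rc"
}

# When run directly, audit /tmp (or the directory given as the first argument).
check_tmp_dir "${1:-/tmp}" && echo "${1:-/tmp}: ok"
```

The audit only reports; it never changes modes or ownership itself, so it is safe to run from cron or a post-install checklist.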