-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Apr 07, 2007 at 03:33:34PM -0700, Kamaraju Kusumanchi wrote:
> Hi all
>
> I am using Debian Etch (currently testing). Today from the abuse
> department of my ISP, I received the following warning (pasted in
> the end). My ISP has suspended my internet connection due to this.
> However, I am not able to track down the cause of the problem. I
> am wondering if anyone could help me out or tell me a better place
> to contact...
>
> I have used kopete some time back to contact Debian IRC channels.
> Other than that I have never heard of this undernet.org. I also
> cannot imagine a Debian machine (especially with Etch being so
> near to becoming stable) being compromised as a zombie.
>
> Here is what I have done so far
> 1) I have looked in various log files
> but could not find any suspicious activity.
>
> 2) I tried to register at http://forum.undernet.org but their system
> is not allowing me to register my account.
>
> 3) I was not able to contact the original sender of the abuse report
> as there is no from address in the report forwarded to me. My ISP's
> abuse department is closed for the weekend and I am trying to resolve
> this issue before approaching them on Monday.
>
> Any ideas on how to determine+eliminate the root cause of this
> problem? Has anyone faced a similar problem before on Debian machines?
>
> thanks
> raju
>

Are you using any type of firewall to block all incoming traffic?

The first thing I'd do would be to set up an iptables firewall, to
block all/most incoming traffic (Open up the ports you need, i.e.
Apache/Anything else). Try not to run too many abusable daemons,
like SSH/Telnet.

I'm not a security guru but I haven't really had too much trouble,
since I'm always bundled up behind a nice safe firewall. The only
services I have running are CUPS daemon and Apache.

- --
 <o)  Debian GNU/Linux - Free as in Freedom
 /\\  http://digital-haze.net/~pobega/
_\_V  Window Maker user, Debian enthusiast
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGGDh3/o7Q/FCvPe0RApUFAJ9Q+9xxR2F6zwl2mJuRobrXkeUcJQCghWhU
hLOeJsoSxuAIxnN1PV6N67U=
=OfiF
-----END PGP SIGNATURE-----