> On 7 Sep 2000, Nasir Mahmood wrote:
> 
> > 1. How do I check which port services are running except through
> > /etc/inetd.conf.
> >
> > 2. How can I kill harmful port addresses to check the above attacks.
> >
> > More info: My system is under Denial of Service Attack. It is
> > continuously generating heavy traffic towards many of my IPs from Yahoo & AOL.
> > These IPs belong to Dial-up Modems. Attack is continuous even after Dial-up
> > user logoff. Due to this reason, my limited bandwidth is experiencing heavy
> > congestion.
> 
Pekka Savola wrote:
> 
> Reinstall net-tools package, to confirm that your 'netstat' program has
> not been replaced.  Then use 'netstat -ltu' to see which ports are
> listening on your system.  You might need to reinstall other packages too.
> 
> If you do find out your system has been hacked into, I strongly suggest
> you backup and install everything from scratch.

Reinstalling will fix any currently hacked services, but that
will just require the vandal to re-infect the system.  Along with
fixing any hacked files currently on your system, I think you
need to look into adding "deny" rules to your ipchains - both to
block external access to the ports used to infect your system,
and to dump any output of the infected services or incoming
external attacks.  (Assuming that you're using ipchains as your
firewall.)  If you use "refuse" in your ipchains rules, your
system generates a service refused message back out for every
incoming message - with the replies sometimes directed at another
target of the vandal.  Deny rules don't respond to attacks, so
that at least they don't compound the problem.  

DSL reports offers a number of free and fee on-line tools to scan
your ports and test the external security of your firewall:

http://www.dslreports.com/tools

-- 
Kort E Patterson
http://www.overalltech.net/
http://www.hevanet.com/kort/
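
An added example, not part of the original message: one way to cross-check which TCP ports are listening without relying on a possibly replaced 'netstat' binary is to read the kernel's own table in /proc/net/tcp. It assumes IPv4 TCP only and a little-endian (x86) host; the sample table and the expected-port set are constructed for illustration.

```python
"""List listening TCP sockets from /proc/net/tcp, without calling netstat."""
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for a LISTEN socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1310
   2: 0A00000A:0017 0B00000A:0401 01 00000000:00000000 00:00000000 00000000     0        0 1422
   3: 00000000:2EE0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1533
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); IP is little-endian hex."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return (ip, port, uid, inode) for every LISTEN row, sorted by port."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the header
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue  # malformed row, or an established/other-state socket
        ip, port = decode_addr(cols[1])
        found.append((ip, port, int(cols[7]), int(cols[9])))
    return sorted(found, key=lambda s: s[1])


def unexpected(sockets, expected_ports):
    """Listeners whose port is not in the set the administrator expects."""
    return [s for s in sockets if s[1] not in expected_ports]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for ip, port, uid, inode in unexpected(listening_sockets(table), {23, 25}):
        print("unexpected listener %s:%d uid=%d inode=%d" % (ip, port, uid, inode))
```

A listener that appears here but not in 'netstat -ltu' output is a reason to distrust the installed netstat; the inode column can be matched against /proc/<pid>/fd entries to find the owning process.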



_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
