Well you need to get hosts.allow and hosts.deny going. I usually place the
statement ALL: ALL in my hosts.deny then I determine what if any IPs I will
allow in and for what services so I can enter them into my hosts.allow. An
example here would be ALL: 168.100.200. This would allow any IP address
from 168.100.200.1 to 168.100.200.254 in for any service. This will get you
started. Then I would also run portsentry which is found here:
http://rpmfind.net/linux/RPM/contrib/libc6/i386/portsentry-1.0-4.i386.html
It is easy to set up with the readme and will monitor port activity and shut
a potential hack out of a port if they are not in the excluded IPs file.
Then I would read up on IP Chains as you can actually produce a true
firewall in front of your machine via IP Chains. You may want to dedicate a
different machine if this is on a network to do this task for you. But first
get hosts.allow/hosts.deny going and portsentry. That should eliminate most
hacks. hosts.allow and hosts.deny should have stopped the anonymous ftp that
you discovered.
Eddie Strohmier
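The hosts.allow/hosts.deny setup described in the reply above, modelled as an added example (not code from the thread or from libwrap itself): a small Python emulation of how TCP Wrappers evaluates a (daemon, client) pair, with constructed sample files, so you can check what the "ALL: ALL" deny plus "ALL: 168.100.200." allow actually lets through. Note that the trailing-dot form is a plain string prefix match, so it covers every address beginning with "168.100.200.", not only .1 through .254.

```python
# Added example: minimal model of the TCP Wrappers (tcpd/libwrap) access
# decision behind /etc/hosts.allow and /etc/hosts.deny.  Real libwrap also
# handles host names, netmask forms, EXCEPT lists and shell commands; this
# model covers only the daemon/client forms used in the reply above.

# Constructed sample files mirroring the advice: deny everything, then allow
# the 168.100.200. network for all services and one host for sshd only.
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = "ALL: 168.100.200.\nsshd: 10.1.2.3\n"


def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines into
    (daemons, clients) tuples; comments, blanks and options are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line, skipped
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def pattern_matches(pattern, value):
    """libwrap-style match: ALL wildcard, exact token, or 'a.b.c.' prefix."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # network prefix such as "168.100.200."
        return value.startswith(pattern)
    return pattern == value


def rule_matches(rule, daemon, client_ip):
    daemons, clients = rule
    return (any(pattern_matches(d, daemon) for d in daemons)
            and any(pattern_matches(c, client_ip) for c in clients))


def hosts_access(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """True if access is granted.  Order matters: hosts.allow is consulted
    first, then hosts.deny; a client matching neither file is permitted,
    which is why an empty hosts.deny leaves every service open."""
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(allow)):
        return True
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(deny)):
        return False
    return True


if __name__ == "__main__":
    for who in ("168.100.200.7", "10.9.8.7", "10.1.2.3"):
        print(who, "ftp:", hosts_access("in.ftpd", who), "sshd:", hosts_access("sshd", who))
```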
----- Original Message -----
From: "Spunk S. Spunk III" <[EMAIL PROTECTED]>
To: "RedHat" <[EMAIL PROTECTED]>
Sent: Friday, October 13, 2000 3:16 PM
Subject: I've been hacked
> It's one of those things... I don't NEED anonymous ftp but I left it on
> anyway. Either way, I had noticed last week that I had a few anonymous ftp
> connections which raised my suspicions but I didn't see anything else that
> alarmed me. But after getting back from a trip, I took a peek at my logs and
> found some bad things. Promiscuous eth0, garbage data in the logs, syslogd
> restarts etc... No big deal for me at this point. This was a test server I
> use and was planning on killing this weekend anyway. My questions are these:
>
> 1. How does one go about hacking a machine via ftp? I mean, it would be nice
> to understand HOW it is done in order to prevent it.
>
> 2. Besides turning off anon. ftp, what else should I secure (ftp wise)
>
> 3. As a case study, how can I tell what he/she did exactly (I guess a part
> of question 1)
>
> Thanx,
> Spunk
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list