[luau] Looking for help on attempted cracking....

Ben Beeson beesond001 at hawaii.rr.com
Sun Oct 12 21:18:01 PDT 2003


Vince,

	SSH is closed on the firewall, although it is running on my box. As far as 
keeping my box updated goes, I regularly run up2date among other things.   
While I realize that that may not cover everything, so far it has served me 
well (until now that is...) 

	I'll work on a better way to verify that my firewall script is working.  
Typically, I check the boot logs to make sure that it loads when I do boot, 
and I am seeing log entries where the firewall is blocking various IPs when 
certain rules are matched.  From that I gather that the firewall is working, 
but as you can see here, it appears that on at least this occasion, it did 
not stop a connection to my ftp directory that it should have.  

	Reinstall coming very soon....

Thanks,

Ben 



 

On Sunday 12 October 2003 09:09 am, you wrote:
> On Sat, Oct 11, 2003 at 09:47:35PM -1000, Ben Beeson wrote:
> >  1) How did the cracker get past the firewall?
>
> Is SSH open and unpatched? I bet it is.
>
> >  2) Does this represent a hole that can be plugged?
>
> You can plug it up, but there are no guarantees a backdoor was
> not left behind.
>
> >  3) What else should I check or do to make sure that I'm not
> > "owned" by someone but me?
>
> Completely reinstall your system, installing only what you know
> you need.
>
> Update all your packages.
>
> >  4) How can I keep this person out in the future?
>
> Keep your system updated.
>
> Read up on file integrity scanners. Audit your filesystem regularly.
>
> How do you know the firewall script worked? Do not just run a
> script and expect it to work the way you think it is supposed to
> work. Verify.
>
> -Vince


