[NCLUG] I was hacked!
dobbster
dobbster at frii.com
Fri Dec 29 13:33:47 MST 2000
Hi,
Maybe this is a little off the current thread, but I was wondering if I
am safe...
I run portsentry/hostsentry on my server, and I see that regular
attempts are made on various ports (111/portmapper, 1080, 143/imap). I
am not too concerned about this, but I was wondering why they tend to
hit these particular ports?
Also - I have telnet disabled, but I do have in.ftpd running, and I need
to leave it on (and without ssh) for a handful of my Windows users. My
logs show that FTP gets attacked pretty regularly, but anonymous FTP is
turned off. I also have the inetd services running through tcpd, and
only specific networks are permitted to use FTP according to my
hosts.allow/hosts.deny.
Is this safe? Can someone point me to an article which explains the FTP
bugs and what I might do to make things safer?
Another thing that seems weird is that I rsync our main server to a
machine on my DSL network (two different networks), using a root
.shosts. When the attackers hit one machine, they tend to hit the other
as well. This strikes me as odd; how would they know that I am
rsyncing?
Security is a serious pain in the ass. It's hard to keep up with
everything. I wish they'd go away and leave us alone!!!
Thanks,
Mark (dobbster at frii.com)