Not really an answer to your question but when I first installed our system (trixbox) I opened up all ports on the firewall just for testing purposes. The next day someone already hacked it and got the root account. So I would say that it is very possible that [EMAIL PROTECTED] has a vulnerability. Best thing is to close the server off to the outside and use VPN for remote administration.
On 3/5/07, D. Hugh Redelmeier <[EMAIL PROTECTED]> wrote:
I regularly get attacks against my sshd. I can hear them (the disk makes a fairly distinctive noise). They occur infrequently enough that I still investigate some of them (unlike SPAM).

I just got an sshd attack from 212.109.44.99 (reverses to voice-telecom.sovam.net.ua but this name does not resolve). Further investigation shows that this is an [EMAIL PROTECTED] box in the Ukraine. It even seems to be still running asterisk -- the web interface seems to work.

Perhaps this indicates that there is an out-of-box vulnerability in [EMAIL PROTECTED] Perhaps not.

nmap shows:

    Port      State     Service
    21/tcp    open      ftp
    22/tcp    open      ssh
    25/tcp    filtered  smtp
    80/tcp    open      http
    111/tcp   open      sunrpc
    137/tcp   filtered  netbios-ns
    138/tcp   filtered  netbios-dgm
    139/tcp   filtered  netbios-ssn
    445/tcp   filtered  microsoft-ds
    899/tcp   open      unknown
    2000/tcp  open      callbook
    3306/tcp  open      mysql

Is it normal to leave all these ports open to the internet on an asterisk box? In particular, is mysql secure this way? How about sunrpc?
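
An added example, not part of either message in this thread: a small audit that parses an nmap port table like the one quoted above and lists every port that answers as open without being on an allowlist of services meant to be public. The empty allowlist is an assumption that follows the reply's advice (administration only over a VPN); the function names are made up for this example.

```python
import re

# Port table as quoted in the message above (nmap's Port/State/Service columns).
SCAN = """\
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  open     sunrpc
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
899/tcp  open     unknown
2000/tcp open     callbook
3306/tcp open     mysql
"""

# Assumption: with administration moved behind a VPN, nothing listed here needs
# to be reachable from the internet. Add (port, proto) pairs you publish on purpose.
ALLOWED_PUBLIC = set()

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return (port, proto, state, service) tuples from nmap port-table lines."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # the header row, blank lines and other text do not match
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def unexpected_open(rows, allowed):
    """Ports that answered as open and are not on the allowlist."""
    # "filtered" means a firewall dropped the probe; "open|filtered" (seen on
    # UDP scans) is ambiguous, so it is reported for a manual check.
    return [r for r in rows
            if r[2] in ("open", "open|filtered") and (r[0], r[1]) not in allowed]

if __name__ == "__main__":
    for port, proto, state, service in unexpected_open(parse_ports(SCAN), ALLOWED_PUBLIC):
        print(f"{port}/{proto} {state} {service}: reachable from outside, not on allowlist")
```

Run it against a scan of your own host taken from an outside address; a scan from inside the LAN does not show what the firewall blocks.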
