Daemonshield on sourceforge does this

D

Dave Bour
Desktop Solution Center
905.381.0077
[EMAIL PROTECTED]
For those who just want it to work...
Giving you complete IT peace of mind.

(Sent via Blackberry - hence message may be shorter than my usual verbose responses)
PIN 3010A5AF (as of June 12, 2006)

----- Original Message -----
From: Peter MacFarlane <[EMAIL PROTECTED]>
To: [email protected] <[email protected]>
Sent: Mon Mar 05 13:47:49 2007
Subject: Re: [on-asterisk] hacked [EMAIL PROTECTED]

You should really have a firewall that filters out most of these going to the Internet. As a general rule, only open to the outside what is required for access. That is the best default for security.

There is an application or option you can add to your Linux server that cuts off ssh login attempts from an IP after so many attempts. I don't know what it is at the moment but I saw it used. Works well.

I use OpenBSD and the pf firewall allows traffic to be directed to specific servers. Hopefully the cracker robots can be cut off there as well. I'll have to check that out.

Strong passwords are one of your best assets.

I hear that OpenBSD runs Asterisk well also, if you don't need card drivers. That might be a nice two-in-one box.

Peter M.

D. Hugh Redelmeier wrote:
> I regularly get attacks against my sshd. I can hear them (the disk
> makes a fairly distinctive noise). They occur infrequently enough
> that I still investigate some of them (unlike SPAM).
>
> I just got an sshd attack from 212.109.44.99 (reverses to
> voice-telecom.sovam.net.ua but this name does not resolve). Further
> investigation shows that this is an [EMAIL PROTECTED] box in the Ukraine.
> It even seems to be still running asterisk -- the web interface seems
> to work.
>
> Perhaps this indicates that there is an out-of-box vulnerability in
> [EMAIL PROTECTED] Perhaps not.
>
> nmap shows:
>
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     filtered    smtp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 137/tcp    filtered    netbios-ns
> 138/tcp    filtered    netbios-dgm
> 139/tcp    filtered    netbios-ssn
> 445/tcp    filtered    microsoft-ds
> 899/tcp    open        unknown
> 2000/tcp   open        callbook
> 3306/tcp   open        mysql
>
>
> Is it normal to leave all these ports open to the internet on an
> asterisk box? In particular, is mysql secure this way? How about
> sunrpc?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

--
Peter L. MacFarlane, ACP
C & P Consulting 2000
Charlottetown PEI
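
The idea mentioned in the thread, cutting off an IP after so many failed ssh login attempts, as an added example that is not part of the original messages and is not DaemonShield's code: a sliding-window count of failed logins per source address over sshd log lines. The sample log, the thresholds and the function name `offenders` are assumptions; the returned addresses are what a firewall rule would then drop.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format. The addresses come from the
# RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
Mar  5 13:40:01 pbx sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  5 13:40:03 pbx sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40120 ssh2
Mar  5 13:40:05 pbx sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40131 ssh2
Mar  5 13:40:09 pbx sshd[2109]: Accepted password for dave from 198.51.100.7 port 51514 ssh2
Mar  5 13:40:11 pbx sshd[2111]: Failed password for root from 192.0.2.10 port 40150 ssh2
Mar  5 13:41:00 pbx sshd[2120]: Failed password for dave from 198.51.100.7 port 51600 ssh2
Mar  5 13:55:00 pbx sshd[2190]: Failed password for dave from 198.51.100.7 port 51701 ssh2
"""

# Matches OpenSSH's "Failed password" message for both known and invalid users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(log_text, max_failures=3, window=timedelta(minutes=10), year=2007):
    """Map each IP with more than max_failures failures inside window to the time it crossed the limit."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():   # assumes lines are in chronological order
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        stamp = " ".join(m["ts"].split())   # collapse syslog's padded day ("Mar  5")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that have aged out of the window
            q.popleft()
        if len(q) > max_failures:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"block {ip} (limit crossed at {when})")
```

The legitimate user at 198.51.100.7 mistypes a password twice, 14 minutes apart, and stays under the limit because the first failure has aged out of the window by the time of the second.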
