Jay wrote: > I am running Mandrake 8.2 with ports 22(ssh), 25(smtp), 80 (http), > 443(secure-http) open. Does anyone know a a good site, or a few good sites that > will explain different types of hack attempts on these ports so that I can make > sure my box is secure. I do have a firewall up and running with servers running > on each of those ports but there may be round-about ways of attacking them I am > not aware of. > > Thanks > > -Jay >
Well that is a tall order because it depends on a lot of veriable, i.e. what version of ssh, what kind of MTA (sendmail, postfix, etc.) and what version, what kind and version of a web server. You are probably running apache (I am not going to check) for your web server. You could start by looking at web pages for the particular servers you are running. These pages, for example, apache or sendmail, will tell you about possible exploits and updates. In general, you might want to look at http://www.snort.org. They have a lot of links for the kind of stuff you might want to be aware of, and the have one hell of a nice program for monitoring all packets coming at these open ports called snort. I think I saw some package MDK 8.2 is coming with, something called prelude. I am a confirmed user of snort but prelude, and their home page should help also. HaPPy Snorting.... Dr John, The Night Tripper
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
