I hope that is not the case.
This box has not been online other than when I use it to test the firewall.
I use my windows pc for surfing. Also, the only software installed to
this pc after installing redhat has been firewall stuff downloaded
primarily direct from the author's sites or else trusted sites like the
formerly www.linuxberg.com, nothing ever downloaded from usenet or sites
that are not well known. Also, no other software besides security software
has been installed -- no games or other stuff, which means not a lot of
extra stuff installed yet.
I also check all my logs for external activity. Nothing shows other than
the ip addresses of the sites I test the firewall with (all of which run
the test in secure mode, i.e. https).
I know it's possible but I can't imagine how in those circumstances anyone
had time to hack this pc that's connected only for a few minutes and then
disconnected when not testing the firewall. :(
Andre
At 08:43 PM 4/13/00 -0500, Ron DuFresne wrote:
>
>It seems to me perhaps this box has already been hacked and a redo from
>scratch may be in order.
>
>Thanks,
>
>Ron DuFresne
>
>On Thu, 13 Apr 2000, André Bell wrote:
>
>> >Maybe I need to change my default input rule instead to '$IPCHAINS -P
>> input -j DENY -l'. Well I just did and restarted pmfirewall. Now to test
>> it against nmap and a few 3rd party servers.
>>
>> Well I changed the flag default to '-P' instead of '-A' and the results are
>> the same. http://www.e-softinc.com says still there are eleven open ports
>> found:
>>
>> 80     http        (I want this one to remain open)
>> 1080   socks       not found by lsof
>> 1524   ingreslock  not found by lsof
>> 2000   callbook    lsof says this is IPv4
>> 2005   deslogin    lsof says this is IPv4
>> 3128   squid-http  lsof says this is IPv4
>> 5742   trojan      lsof says this is IPv4
>> 6000   X11         not found by lsof, not found by nmap run locally
>> 6667   irc         not found by lsof
>> 20034  trojan      lsof says this is IPv4, not found by nmap
>> 40421  trojan      lsof says this is IPv4, not found by nmap
>>
>> Nmap run locally reports many of the same ports plus several other
>> ports not listed here. Is there any way to find if these are closed and
>> not false positives as someone mentioned? It looks to me like these may
>> really be open.
>>
>> Thanks.
>>
>> Andre'
>>
>>
>>
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>"Cutting the space budget really restores my faith in humanity. It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
>OK, so you're a Ph.D. Just don't touch anything.
>
>