I noticed because a few university sysadmins mailed me some logs of attacks
coming from our system. I had just "inherited" sysadmin duties here and had
hardly had time to look at how our system was set up, so I hadn't noticed
anything. They installed the Linux rootkit and started some scanners for
other vulnerable systems. They were looking for systems (specifically Red Hat
5.1) that were vulnerable to an rpc.mountd exploit. We are a small company
and don't have anything on the system that would be too interesting to them.
They were just using us as a hop. I'm putting the new, much newer and more
secure system up as soon as the backup is done.
-----Original Message-----
From: David A. Ranch <[EMAIL PROTECTED]>
To: intalt <[EMAIL PROTECTED]>; Steve <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, March 12, 1999 2:53 PM
Subject: Re: [Masq] Re: Some web pages but not others
>It is compiled in the kernel (2.0.35), but I don't use it (I'm not sure how,
>this is my first time setting up masqing).
Other people have seen similar behavior even when IPAUTOFW was
compiled in and not used! Now, a lot of other people also have
IPAUTOFW installed and DON'T have this issue. I have no idea
what the issue is, but those people that pulled out IPAUTOFW never
had the issue after that.
Personally, the 2.0.36 kernel is much better than a 2.0.35 kernel
in terms of IP MASQ support and 2.0.37 should be out pretty soon too.
>As far as changes go, "I" haven't changed anything, but that box was broken
>into a couple of months ago, and while I don't think they are still getting
Hmmm.. how did you notice this break-in and what did they do? At a minimum,
I would recommend a strong firewall ruleset. Even better, I would
recommend installing a new Linux distro, securing it, and running both a
strong firewall ruleset and Tripwire on it.
>BTW Dave, much thx for Trinity, twas much help in setting up the new box.
Glad you liked it.. if you have ideas, tips, etc let me know.
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware            [EMAIL PROTECTED] |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]