o-----------ooO--(- Important Message -)--Ooo------------o
| |
| SAVE BANDWIDTH, SPACE, TIME & MONEY, REPLY WITH PRUDENCE.|
| |
o----=[ Penguin @ My - Linux ([EMAIL PROTECTED]) ]=----o
Assalamualaikum,
I (Haris) think this email is interesting. I got it from the
Computerguys ML (a mailing list for general PC problems). Friends who
have experience with Linux security on the Internet are welcome to add
a bit.
Wassalam.
: )
-------------------
Reply post (3)
Subject: Re: hacking attempts
Date: Tue, 28 Sep 1999 20:59:18 -0400
From: Jacob Waltz <[EMAIL PROTECTED]>
One of the bad things about RedHat Linux is that it defaults to have
all network services turned on at boot. You do have the option to
selectively have things turned on at boot when you run the
installation, which is fine for the experienced Unix user, but the new
user isn't going to know what the hell wu-ftpd or tftp or bind or
[insert latest hacked service] is. So they aren't going to change
anything. Add in the fact that the new user is less likely to install
the security patches - either because they don't know about them or
don't know they need them - and you can have a potentially very
unsecure system. What RH really needs to do is have all but the
essential services turned off by default, and let the advanced users and
administrators turn on the things they need.
jacob
-------------------
Reply post (2)
Subject: Re: hacking attempts
Date: Tue, 28 Sep 1999 15:53:02 -0400
From: Seth Milder <[EMAIL PROTECTED]>
I don't allow *anything* from outside (my hosts.deny is ALL:ALL) and I
have finger, tftp, etc. all off. You are right, it was not a really
serious attempt. I would bet that they were trying to get root using the
wu-ftpd exploit.
Seth
-----------------
Reply post (1)
Subject: Re: hacking attempts
Date: Tue, 28 Sep 1999 15:19:03 -0400
From: Vicky Staubly <[EMAIL PROTECTED]>
Those didn't look like very serious attempts at hacking. Probably
just someone trying to guess passwords. Do you allow finger from
outside? I had one person successfully guess a password for an
account on my server (the user had used way too simple a password)
before I turned off finger from outside my domain. It's good that
most Linux installs give you tcp wrappers by default, but I'm
afraid most people don't think to configure their hosts.allow and
hosts.deny sensibly.
------------
Question post.
Subject: hacking attempts
Date: Tue, 28 Sep 1999 14:49:32 -0400
From: Seth Milder <[EMAIL PROTECTED]>
Today I was looking through the log files on my machine and I
discovered, much to my surprise, that there were quite a few attempts to
gain unauthorized access to my box. I really never paid too much
attention to the security on my home machine (aside from applying
patches, turning off unnecessary services, and using TCP wrappers, that
is) because I use a standard dialup line to connect to the net, so my
i.p. is dynamically assigned. Here is an excerpt from /var/log/secure*
[root@betelgeuse mrseth]# grep -i refuse /var/log/secure*
/var/log/secure.1:Sep 26 00:23:50 betelgeuse in.telnetd[12963]: refused connect from surf103-48-216.jacksonville.net
/var/log/secure.3:Sep 6 12:33:43 betelgeuse in.telnetd[2342]: refused connect from ip20.los-angeles29.ca.pub-ip.psi.net
/var/log/secure.3:Sep 6 12:33:45 betelgeuse in.telnetd[2343]: refused connect from ip20.los-angeles29.ca.pub-ip.psi.net
/var/log/secure.3:Sep 7 04:44:36 betelgeuse in.ftpd[1297]: refused connect from nlp3.ici.ro
/var/log/secure.4:Sep 3 20:44:51 creepy in.ftpd[2074]: refused connect from 203.236.110.2
/var/log/secure.4:Sep 3 20:44:51 creepy in.ftpd[2075]: refused connect from 203.236.110.2
P.S. Anyone know offhand where .ro is from?
Seth
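
Added example, not part of any message in the thread: a small shell/awk helper that tallies TCP wrappers "refused connect from" lines per source and service, so repeated probes stand out from one-off hits. The function names and the sample lines (reserved example hosts and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Tally TCP wrappers refusals per source host and service.
# Accepts log files as arguments, or "grep" output on stdin
# (lines prefixed with "file:" as grep prints for several files).

# Constructed sample in the same format as the excerpt above.
sample_log() {
cat <<'EOF'
/var/log/secure.1:Sep 26 00:23:50 hostA in.telnetd[12963]: refused connect from dialup1.example.net
/var/log/secure.3:Sep  6 12:33:43 hostA in.telnetd[2342]: refused connect from dialup2.example.org
/var/log/secure.3:Sep  6 12:33:45 hostA in.telnetd[2343]: refused connect from dialup2.example.org
/var/log/secure.3:Sep  7 04:44:36 hostA in.ftpd[1297]: refused connect from 192.0.2.10
/var/log/secure.4:Sep  3 20:44:51 hostA in.ftpd[2074]: refused connect from 203.0.113.2
/var/log/secure.4:Sep  3 20:44:51 hostA in.ftpd[2075]: refused connect from 203.0.113.2
/var/log/secure.4:Sep  3 20:45:02 hostA login[2080]: FAILED LOGIN 1 FROM 203.0.113.2
EOF
}

# Prints "COUNT SOURCE SERVICE", highest count first.
summarize_refusals() {
  awk '
    /refused connect from / {
      # Locate the daemon field by its "[pid]:" suffix instead of a fixed
      # column, so an optional "file:" prefix does not shift the parse.
      svc = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /\[[0-9]+\]:$/) {
          svc = $i
          sub(/\[[0-9]+\]:$/, "", svc)
          break
        }
      }
      src = $NF            # source host or address is the last field
      n[src " " svc]++
    }
    END { for (k in n) print n[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_log | summarize_refusals
```

On a real system the same function can be called as `summarize_refusals /var/log/secure*`.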