Excellent suggestion, portsentry rules. Got 2 with it in the last 4 days.
Kirk
>On Sat, 29 Jan 2000, Frederic Herman wrote:
> He may have broken in, then covered his tracks. In that case, he
> probably now has a backdoor into your machine. If your telnet is
> changed, which is likely in a break in, that might explain your
> inability to telnet. You should really determine if this is the case.
> Check to see if you have locked yourself out by examining the
> /etc/hosts.allow and /etc/hosts.deny files, assuming you aren't set up
> with a firewall.
>
> Edit your /etc/inetd.conf file to disable any service you don't actually
> need. You need auth, and it sounds like you want telnet. Comment out
> any line you don't have to have enabled. I think you can use linuxconf
> to turn off what you don't need.
>
> I would also recommend installing tripwire to detect changed files for
> the future and portsentry to detect and block port scanners.
>
> Good luck,
>
> Fred
>
>
> RedHat's site and their mirrors provide all the updates for these
> security holes. Start with:
>
> http://www.redhat.com/support/errata/
>
>
>
> mi na wrote:
> >
> > Hi Frederic Herman,
> >
> > Thanks for your quick response!
> >
> > I am using hosts.allow and hosts.deny to restrict people's access to that box.
> > If the hacker did not break in, why can I not telnet to that box?
> >
> > PS: Where can I get the latest patches for named, telnet, and wu-ftp?
> >
> > Thanks again!
> >
> > Li
> >
> > >From: Frederic Herman <[EMAIL PROTECTED]>
> > >Reply-To: [EMAIL PROTECTED]
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: ttloop: peer died:
> > >Date: Sat, 29 Jan 2000 11:42:41 -0700
> > >
> > >BTW, make sure your patches are up to date. Especially named, telnet
> > >and wu-ftp.
> > >
> > >The hacker was trying to break in.
> > >
> > >
> > >Frederic Herman wrote:
> > > >
> > > > Hacker attempted to telnet and failed. Check log file secure for the
> > > > event as well as messages log file. If you find a message with the ip,
> > > > traceroute it and report the event to the isp upstream from the ip.
> > > >
> > > > Fred
> > > >
> > > > mi na wrote:
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I have a Linux (Red Hat 5.2) box, no one can telnet to this box since
> > > > > yesterday, and here is the log message:
> > > > > "telnetd[467]: ttloop: peer died: Invalid or incomplete multibyte or wide character"
> > > > >
> > > > > Is this some kind of virus?
> > > > >
> > > > > Pls help, thanks!
> > > > >
> > > > > Li
> > > > > ______________________________________________________
> > > > > Get Your Private, Free Email at http://www.hotmail.com
> > > > >
> > > > > --
> > > > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > > > as the Subject.
> > > >
> > >
> >
>
>
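
The inetd.conf clean-up Fred describes above, as an added sketch that is not part of the original thread: it lists enabled services outside a keep-list (auth and telnet, per his message) and prints a copy of the file with the rest commented out. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Services to leave enabled, taken from the advice quoted in the thread.
KEEP="auth telnet"

# Constructed sample in the usual inetd.conf layout:
# service  socket  proto  wait  user  server  args
sample_conf() {
cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  root    /usr/sbin/tcpd  in.fingerd

auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
EOF
}

# extra_services FILE "KEEP LIST": enabled services that are not on the list.
extra_services() {
    awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[[:space:]]*(#|$)/ { next }      # already commented out, or blank
        !($1 in ok) { print $1 }
    ' "$1" | sort -u
}

# harden FILE "KEEP LIST": print FILE with every other service commented out.
harden() {
    awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[[:space:]]*(#|$)/ { print; next }   # leave comments and blanks alone
        !($1 in ok) { print "#" $0; next }     # disable by commenting out
        { print }
    ' "$1"
}

# Demo run against the constructed sample (a real run would read /etc/inetd.conf).
tmp=$(mktemp)
sample_conf > "$tmp"
echo "Enabled but not on the keep-list:"
extra_services "$tmp" "$KEEP"
echo "Proposed inetd.conf:"
harden "$tmp" "$KEEP"
rm -f "$tmp"
```

Review the proposed output before replacing the live file; inetd rereads its configuration when sent SIGHUP.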