Re: Help ! This is a exploit ? What I do to do .

Mon, 18 Sep 2000 02:13:21 -0700 

seems like a brute force attack on your ftp server - indications are 
that the attack was successfully averted... but you really should do 
plenty of other checks before deciding that your server is secure... 
try this checklist:

http://www.cert.org/tech_tips/intruder_detection_checklist.html

it's interesting that they're trying specific user names towards the 
end rather than just generic accounts such as root and bin and lp... 
they got those names from your /etc/passwd file which is being 
publicly advertised right now (I had a look just then) on your ftp 
server... if you had shell access enabled for any of your users in 
that list, with weak passwords on them then the attacker would have 
been able to get local user access pretty easily on your server...

For further info on securing your system I'd check a resource like:

http://www.linuxworld.com/linuxworld/lw-1999-05/lw-05-ramparts.html

and

http://www.linuxworld.com/linuxworld/lw-1999-06/lw-06-ramparts.html

for interesting information on how people are (or will be) attempting 
to break into your server right at this very moment...

(although those are may be a bit out of date - old bookmarks! sorry!)

Keeping up to date on Redhat security errata updates is essential to 
maintaining a secure system, as is checking for security alerts from 
somewhere like:

http://xforce.iss.net/

This should keep you up to speed on new vulnerabilities...

HTH - good luck!

- dan.


At 10:23 AM +0200 18/9/00, Alessandro Coppelli wrote:
>Sep 18 00:41:03 ultra ftpd[14584]: FTP LOGIN REFUSED (username in
>/etc/ftpusers) FROM 151.14.37.218 [151.14.37.218], sys
>Sep 18 00:41:03 ultra ftpd[14588]: FTP LOGIN REFUSED (username in
>/etc/ftpusers) FROM 151.14.37.218 [151.14.37.218], uucp
>Sep 18 00:41:08 ultra ftpd[14595]: FTP LOGIN REFUSED (username in
>/etc/ftpusers) FROM 151.14.37.218 [151.14.37.218], nobody


then...


>Sep 18 00:41:08 ultra ftpd[14599]: FTP LOGIN REFUSED (shell not in
>/etc/shells) FROM 151.14.37.218 [151.14.37.218], pecchia
>Sep 18 00:41:08 ultra ftpd[14600]: FTP LOGIN REFUSED (shell not in
>/etc/shells) FROM 151.14.37.218 [151.14.37.218], ferrucci
>Sep 18 00:41:08 ultra ftpd[14601]: FTP LOGIN REFUSED (shell not in
>/etc/shells) FROM 151.14.37.218 [151.14.37.218], rinaldi
-- 

        Nitro - 3D Visualisation, Graphics & Animation
                Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
                        http://www.nitro.com.au/



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to