Re: WC:> internet vandalism
>From: Javilk <[EMAIL PROTECTED]>
>Subject: WC:>: internet vandalism
>
> There appears to be something afoot in the SF Bay area, and possibly
>further. A number of machines, many of them Linux, are being cracked.

This is a good reason for checking out the system log file /var/log/messages.
You should be able to see repeated attacks on your system (including their IP numbers).

>Several people report port scanners hitting them regularly.

Then they should be contacting the ISPs where these signals are coming from.

> Entry to my machine was made via imapd, a mail handler that is not
>essential if fetchmail is being used. Some also report eggdrop attacks,
>which I also experienced, but my machine did not go down on that.

Was it the latest version of imapd? Also, was your system running the latest
bug fixes, etc.? Did you notify CERT about the break-ins?

> My ISP's tech support's first comment, when I said I had been
>cracked, was to ask me if I was running Internet Explorer, as that is
>where they had been coming through on other of their clients. He was
>surprised when I said I was running Linux, telling me that those were
>supposed to be a lot more secure.
>
> Suggestions on other lists are to check your /etc/inetd.conf file,
>turn off just about everything unless you are sure you need it. You don't
>need shell, login, telnet, etc. in most cases if you do not have other
>people log in to your machine. If you are not serving FTP, turn that off
>too. Imapd has some security bug in it, so it should either be turned
>off, or replaced if you really, really need it.

You should install TCP Wrappers. It allows you to put a shell around
"essential" services on the system via inetd. It allows you to specify a limited
number of places that can use services (i.e. ftp, telnet, talk, etc.) and deny all other
systems.
I have TCP Wrappers on my sendmail to keep people from using me as a relay for spam.

>-javilk- posting from my ISP's shell account.
>I am just repeating what I have read in other messages sent me.
>You are advised to use common sense in evaluating this information.
>
Matt Soffen
===============================================================
Boss - "My boss says we need some eunuch programmers."
Dilbert - "I think he means UNIX and I already know UNIX."
Boss - "Well, if the company nurse comes by, tell her I said
never mind."
- Dilbert -
===============================================================
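
An added example, not part of the original message: a small Python audit of an inetd.conf file that lists every enabled service, whether it is started through tcpd (TCP Wrappers), and whether it is one of the services the thread suggests turning off. The sample file contents, the /usr/sbin paths and the `imap2` service name are constructed assumptions; check your own /etc/services and /etc/inetd.conf.

```python
"""Audit inetd.conf text: enabled services and whether tcpd wraps them."""
import posixpath

# Services the thread suggests disabling unless really needed.
# "imap2" is an assumed alias for the imapd entry; names vary by system.
RISKY = {"shell", "login", "telnet", "ftp", "imap", "imap2"}

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# <service> <socket> <proto> <wait> <user> <server> <args>
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd        in.rshd
imap2   stream  tcp  nowait  root  /usr/sbin/imapd       imapd
talk    dgram   udp  wait    root  /usr/sbin/tcpd        in.talkd
"""


def audit(text):
    """Return (service, wrapped, risky) for every enabled inetd entry."""
    findings = []
    for raw in text.splitlines():
        # Anything after '#' is a comment; a commented-out service is disabled.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, comment-only or malformed line
        service, server = fields[0], fields[5]
        # A wrapped service names tcpd as the server program; the real
        # daemon then appears as the first server argument.
        wrapped = posixpath.basename(server) == "tcpd"
        findings.append((service, wrapped, service in RISKY))
    return findings


def report(findings):
    """Format one human-readable line per enabled service."""
    lines = []
    for service, wrapped, risky in findings:
        notes = []
        if not wrapped:
            notes.append("not behind tcpd")
        if risky:
            notes.append("disable unless needed")
        lines.append(f"{service:8} {'; '.join(notes) or 'ok'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(audit(SAMPLE))))
```

To check a real host, pass the contents of /etc/inetd.conf to `audit()` instead of `SAMPLE`.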