Greetings All! I thought to jump in and share some information which could be useful in this thread. Here are two suggestions:
1. Regarding tracking down who is actually doing what and where as far as attempted hacks. For getting a record or report regarding what is being attacked (so you can later close those vulnerabilities, of course) there are few tools as reliable as Open Source Tripwire (http://sourceforge.net/projects/tripwire). I've run it with YDL and it is very thorough. If you eventually develop into a commercial service you perhaps may then be interested in the commercial version from tripwire (http://www.tripwire.com/).

2. There exists a hardware firewall device which actually sits between the incoming DSL or faster connection and that connection leading to your computer. I currently have it set up so that it sits between the incoming high-speed connection and my wireless router. When I'm using YDL I connect to that router with an ethernet cable. The hardware firewall device itself fits within one's palm and is extremely portable. The device is constructed so that it acts completely independently of the operating system. More detailed information regarding it is available here: http://stingrayinc.com/

As much respect as I have for software firewalls and tripwire, in particular -- this hardware firewall known as the Stingray Firewall, is just what the small fellow -- independent, non-commercial individuals and non-profits providing IT services via their servers -- need. This isn't hype, it is reality and is available for a paltry cost of $80. The hardware device provides anti-phishing protection as well and will function nicely within a commercial or non-commercial environment. Once you register the device with the manufacturer it will be updated perpetually at no further cost to you. No update fees -- nada -- nothing!

Also there exists an antivirus software package provided free by the same company to individuals who are not businesses and non-profit which protects further your operating system.
I've been informed that a Mac version of their antivirus product is under development. However, one can install and activate for either OS X or YDL, the native firewall and Clam Antivirus. Activating the native firewall or clam antivirus won't affect or limit the Stingray.

If you are interested in purchasing it, you can get it from here: http://www.thinkgeek.com/computing/accessories/75f3/

One more comment, regarding the Stingray. Once you have the Stingray, I doubt any hacker will be able to get past it to activate tripwire. This may make tripwire relegated to tracking illegal activities within a network behind the protection provided by the Stingray as one need not worry about that anymore.

It's great to see the YDL community up and kicking!

Best wishes....
Derick.

On Aug 29, 2006, at 9:07 AM, Eric Dunbar wrote:

> On 29/08/06, Christopher Murtagh wrote:
>> On 8/28/06, Eric Dunbar wrote:
>>> I recently activated vsftpd on my server and I'm noticing statistics
>>> in the daily server report (automagically sent to root by all servers)
>>> that suggest someone's trying a dictionary attack (presumably) on my
>>> ftp server (10000+ login attempts ;-).
>>
>>> 3. How do I find out what username/passwords they're using in their
>>> dictionary attack? (I'd like to know what is insecure)
>>
>> I don't think this will benefit you much. You're better off making
>> sure that you limit the access to the machine to the accounts that
>> need it. Use /etc/vsftpd.user_list, which is a list of users that are
>> allowed ftp, you'll need to activate it in the config (see below).
>
> In vsftpd.user_list there's a reference to another solution for
> blocking users. The file "/etc/vsftpd.ftpusers" contains a list of
> users to deny, and (as far as I can tell), it does ask for a password
> (unlike .user_list won't when it's DENYing users) so a potential
> hacker won't even be able to discover user names on the system.
>
> Now I'm down to one public user and that user has a secure password
> anyway (unlike some of the others... I should really get around to
> implementing/learning how to allow passwordless ssh and smb access
> specified local machines ;-).
>
> Plus, it doesn't really matter if that account is compromised since
> nothing personal is available through that account (though, it could
> be used to distribute files, I guess).
>
> Thanks to Chris and Peter-Paul
> _______________________________________________
> yellowdog-general mailing list
> [email protected]
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try '<keywords> site:terrasoftsolutions.com'
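
An added example, not part of the original thread: a small log summary for the vsftpd dictionary-attack situation quoted above, showing which client addresses generate the failed logins, whether the accounts being tried are ones the user list allows, and whether a success followed a burst of failures. It assumes the server writes vsftpd-format log lines like the constructed sample; the function name `summarize`, its parameters and the account name `pubftp` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in vsftpd's log line format; addresses are documentation ranges.
SAMPLE_LOG = """\
Tue Aug 29 03:12:01 2006 [pid 4101] CONNECT: Client "203.0.113.7"
Tue Aug 29 03:12:03 2006 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 29 03:12:05 2006 [pid 4100] [root] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 29 03:12:07 2006 [pid 4100] [pubftp] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 29 03:12:09 2006 [pid 4100] [pubftp] FAIL LOGIN: Client "203.0.113.7"
Tue Aug 29 08:40:11 2006 [pid 5200] [pubftp] FAIL LOGIN: Client "198.51.100.20"
Tue Aug 29 08:40:19 2006 [pid 5200] [pubftp] OK LOGIN: Client "198.51.100.20"
Tue Aug 29 09:01:44 2006 [pid 5310] [pubftp] OK LOGIN: Client "203.0.113.7"
"""

LOGIN_RE = re.compile(r'\[pid \d+\] \[([^\]]*)\] (OK|FAIL) LOGIN: Client "([^"]+)"')

def summarize(log_text, allowed_users, threshold=3):
    """Tally login results per client and flag what deserves a closer look."""
    fails = Counter()      # failed logins per client address
    tried = Counter()      # usernames seen in failed logins
    suspicious_ok = []     # (client, user): success after >= threshold failures
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue       # CONNECT, transfer and other lines
        user, status, client = m.groups()
        if status == "FAIL":
            fails[client] += 1
            tried[user] += 1
        elif fails[client] >= threshold:
            # One mistyped password is normal; a success after many
            # failures from the same address may be a guessed password.
            suspicious_ok.append((client, user))
    return {
        "noisy_clients": {c: n for c, n in fails.items() if n >= threshold},
        "targeted_allowed": sorted(u for u in tried if u in allowed_users),
        "tried_not_allowed": sorted(u for u in tried if u not in allowed_users),
        "ok_after_failures": suspicious_ok,
    }

if __name__ == "__main__":
    # allowed_users mirrors the accounts listed in /etc/vsftpd.user_list (assumed here).
    for key, value in summarize(SAMPLE_LOG, allowed_users={"pubftp"}).items():
        print(f"{key}: {value}")
```

Names under `targeted_allowed` are the accounts whose passwords matter most; an entry under `ok_after_failures` is a reason to change that account's password and review what it did.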
