I guess there's not too much I can do about someone that hacked me from a
dailup-account in china huh?
-----Original Message-----
From: Yashodhan Barve [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, December 08, 1999 3:19 PM
To: '[EMAIL PROTECTED]'
Subject: Re: How to find who own's an IP address WAS: Got hacked, need to
make sure it doesn't happen again
Try
fwhois [EMAIL PROTECTED]
Yashodhan Barve
[EMAIL PROTECTED]
tel- 780-412-6985
On Wed, 8 Dec 1999, Jeff Graves wrote:
> I found an the address of someone that was running some services they
> shouldn't have tried to run. Not only did my mail server get hacked but
> an attempt was made on my primary dns server as well. I found an IP
that
> repeatedly tried using telnet and finger as well as ftp. How do I find
> who owns it? Tried an nslookup with no luck. Tried a ping with no luck.
> Traceroute turns up a bunch of other IP address in that subnet with no
> domain name. Any ideas?
>
> TIA
> jeff
>
> -----Original Message-----
> From: Jeff Hogg [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 1:53 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Got hacked, need to make sure it doesn't happen again
>
>
> -----Original Message-----
> From: Jeff Graves <[EMAIL PROTECTED]>
> To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
> Date: Wednesday, December 08, 1999 12:31 PM
> Subject: Got hacked, need to make sure it doesn't happen again
>
>
> >My mail server got hacked last night. I guess i was asking for it
> though. I
> >didn't really do any security checks close any ports. In fact I just
> >installed everything and left everything open. At any rate, i came in
> this
> >morning and everything wasn't working. I had to reinstall and setup
> >sendmail and the pop3 service all over again. And add all the users.
It
> >took about 3 hours. I was just wondering if anyone can tell me what
logs
> i
> >should monitor all the time and what i need to shut off. I reinstalled
> the
> >server using the bare minimum. It has sendmail, the linux kernel,
> apache,
> >some ftp services, and a couple of other things. Other than than, it's
> >empty. I needed apache because i want to run some sort of Internet
front
> >end for my users so they can check their mail. Anyway, i have a few
> books
> >I'm tearing apart doing everything i can but I figured first-hand tech
> >knowledge is probably the best adivce. Any help?
>
>
> That had to hurt.. I'm about to open my own site here, and I've been
> working
> on learning what your trying to learn as well. I don't know enough to
be
> called an expert, but it can't hurt to start somewhere. I would
suggest
> a
> careful writting of your hosts.allow and hosts.deny files. I would
also
> suggest downloading and installing ipchains. I think you can get an
rpm
> from most redhat mirrors. I've got a ip masqueraded LAN set up here in
> my
> office and have had to apply some security to the linux box I use as a
> "router". It's set up with only those services I have a need for. It
> has a
> hosts.deny of ALL:ALL and a hosts. allow of ALL:10.0.0. and
> ALL:127.0.0.1
> to allow the local lan and the localhost to use those services. I also
> set
> up ipchains to do the following:
>
> deny all ip forwarding by default.
> allow ip forwarding for just my local lan
> I deny all connection attempts comming into my modem.
>
> The ipchains rules are fairly simple to use and seem very effective. I
> have
> had no attempts succeed against this system so far. Hopefully that
state
> will continue. I think it is a bit harder with a true server where
ports
> need to be open, but you can still restrict entry to just those ports,
> and
> stop others from pretending to be a machine on your network. I hope
this
> helps. Others will probably add a lot more :)
>
> Jeff Hogg
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
