Oh, I don't know.  You might get some action if you attached to your
email complaint, some material from the Falun Gong religious sect, which
you "claim" they sent you.

You DID want the perpetrators SHOT, didn't you...?  : )

-----Original Message-----
From: Jeff Graves [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 08, 1999 3:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: How to find who own's an IP address WAS: Got hacked, need
to make sure it doesn't happen again


I guess there's not too much I can do about someone that hacked me from
a dial-up account in China huh?

-----Original Message-----
From:   Yashodhan Barve [SMTP:[EMAIL PROTECTED]]
Sent:   Wednesday, December 08, 1999 3:19 PM
To:     '[EMAIL PROTECTED]'
Subject:        Re: How to find who own's an IP address WAS: Got hacked,
need to 
make sure it doesn't happen again

Try

fwhois [EMAIL PROTECTED]

Yashodhan Barve
[EMAIL PROTECTED]
tel- 780-412-6985

On Wed, 8 Dec 1999, Jeff Graves wrote:

> I found the address of someone that was running some services they
> shouldn't have tried to run. Not only did my mail server get hacked but
> an attempt was made on my primary dns server as well. I found an IP that
> repeatedly tried using telnet and finger as well as ftp. How do I find
> who owns it? Tried an nslookup with no luck. Tried a ping with no luck.
> Traceroute turns up a bunch of other IP addresses in that subnet with no
> domain name. Any ideas?
>
> TIA
> jeff
>
> -----Original Message-----
> From: Jeff Hogg [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 1:53 PM
> To:   [EMAIL PROTECTED]
> Subject:      Re: Got hacked, need to make sure it doesn't happen again
>
>
> -----Original Message-----
> From: Jeff Graves <[EMAIL PROTECTED]>
> To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
> Date: Wednesday, December 08, 1999 12:31 PM
> Subject: Got hacked, need to make sure it doesn't happen again
>
>
> >My mail server got hacked last night. I guess I was asking for it
> >though. I didn't really do any security checks or close any ports. In
> >fact I just installed everything and left everything open. At any
> >rate, I came in this morning and everything wasn't working. I had to
> >reinstall and set up sendmail and the pop3 service all over again. And
> >add all the users. It took about 3 hours. I was just wondering if
> >anyone can tell me what logs I should monitor all the time and what I
> >need to shut off. I reinstalled the server using the bare minimum. It
> >has sendmail, the linux kernel, apache, some ftp services, and a
> >couple of other things. Other than that, it's empty. I needed apache
> >because I want to run some sort of Internet front end for my users so
> >they can check their mail. Anyway, I have a few books I'm tearing
> >apart doing everything I can but I figured first-hand tech knowledge
> >is probably the best advice. Any help?
>
>
> That had to hurt.. I'm about to open my own site here, and I've been
> working on learning what you're trying to learn as well.  I don't know
> enough to be called an expert, but it can't hurt to start somewhere.  I
> would suggest a careful writing of your hosts.allow and hosts.deny
> files.  I would also suggest downloading and installing ipchains.  I
> think you can get an rpm from most redhat mirrors.  I've got an ip
> masqueraded LAN set up here in my office and have had to apply some
> security to the linux box I use as a "router".  It's set up with only
> those services I have a need for.  It has a hosts.deny of ALL:ALL and a
> hosts.allow of ALL:10.0.0. and ALL:127.0.0.1 to allow the local lan
> and the localhost to use those services.  I also set up ipchains to do
> the following:
>
> deny all ip forwarding by default.
> allow ip forwarding for just my local lan
> I deny all connection attempts coming into my modem.
>
> The ipchains rules are fairly simple to use and seem very effective.  I
> have had no attempts succeed against this system so far.  Hopefully
> that state will continue.  I think it is a bit harder with a true
> server where ports need to be open, but you can still restrict entry
> to just those ports, and stop others from pretending to be a machine
> on your network.  I hope this helps.  Others will probably add a lot
> more :)
>
> Jeff Hogg
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
>
