Once hosts.allow and hosts.deny are modified do we need to restart a
daemon or something?  How does Linux know they've been updated?

Glen

Today, at 15:50, Eddie Strohmier sent through the Star Gate:

>Well you need to get hosts.allow and hosts.deny going. I usually place the
>statement ALL: ALL in my hosts.deny then I determine what if any IPs I will
>allow in and for what services so I can enter them into my hosts.allow. An
>example here would be ALL: 168.100.200.  This would allow any IP address
>from 168.100.200.1 to 168.100.200.254 in for any service. This will get you
>started. Then I would also run portsentry which is found here:
>
>http://rpmfind.net/linux/RPM/contrib/libc6/i386/portsentry-1.0-4.i386.html
>
>It is easy to set up with the readme and will monitor port activity and shut
>a potential hack out of a port if they are not in the excluded IPs file.
>Then I would read up on IP Chains as you can actually produce a true
>firewall in front of your machine via IP Chains. You may want to dedicate a
>different machine if this is on a network to do this task for you. But first
>get hosts.allow/hosts.deny going and portsentry. That should eliminate most
>hacks. hosts.allow and hosts.deny should have stopped the anonymous ftp that
>you discovered.
>
>
>Eddie Strohmier
>
>
>----- Original Message -----
>From: "Spunk S. Spunk III" <[EMAIL PROTECTED]>
>To: "RedHat" <[EMAIL PROTECTED]>
>Sent: Friday, October 13, 2000 3:16 PM
>Subject: I've been hacked
>
>
>> It's one of those things... I don't NEED anonymous ftp but I left it on
>> anyway. Either way, I had noticed last week that I had a few anonymous ftp
>> connections which raised my suspicions but I didn't see anything else that
>> alarmed me. But after getting back from a trip, I took a peek at my logs and
>> found some bad things. Promiscuous eth0, garbage data in the logs, syslogd
>> restarts etc... No big deal for me at this point. This was a test server I
>> use and was planning on killing this weekend anyway. My questions are these:
>>
>> 1. How does one go about hacking a machine via ftp? I mean, it would be nice
>> to understand HOW it is done in order to prevent it.
>>
>> 2. Besides turning off anon. ftp, what else should I secure (ftp wise)
>>
>> 3. As a case study, how can I tell what he/she did exactly (I guess a part
>> of question 1)
>>
>> Thanx,
>> Spunk
>>
>>
>>
>> _______________________________________________
>> Redhat-list mailing list
>> [EMAIL PROTECTED]
>> https://listman.redhat.com/mailman/listinfo/redhat-list
>>
>
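
Added example, not part of the original thread: a simplified Python model of how the hosts.allow / hosts.deny pair described in the quoted reply is evaluated (allow is checked first, then deny, and a client matching neither is let in). The daemon name in.ftpd and the client addresses are constructed samples, and only the ALL wildcard and address patterns are modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Constructed sample rules: only the ALL wildcard and address patterns are handled.
HOSTS_ALLOW = "ALL: 168.100.200.\n"  # trailing dot makes this an address prefix
HOSTS_DENY = "ALL: ALL\n"


def parse(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any option fields
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)  # "168.100.200." matches 168.100.200.*
    return addr == pattern  # without the trailing dot only that exact string matches


def matches(text, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in parse(text)
    )


def allowed(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """A hosts.allow match grants; else a hosts.deny match denies; else grant."""
    if matches(allow_text, daemon, addr):
        return True
    return not matches(deny_text, daemon, addr)


if __name__ == "__main__":
    for ip in ("168.100.200.7", "10.1.2.3"):  # constructed client addresses
        print(ip, "allowed" if allowed("in.ftpd", ip) else "denied")
```

The trailing dot in the pattern is significant: written as ALL: 168.100.200 the rule no longer covers the range, so those clients fall through to ALL: ALL in hosts.deny.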
