Also when you have time go to www.freshmeat.net and do a search for
portsentry. This program will automatically put the IP of anyone doing a
portscan on your system into the hosts.deny and also blackhole them in your
route table. I use this program on all our boxes and it works great. It can
also be setup to fire an email at you when "events" happen.
Hope this helps,
Steve Curry
NonStopNet.Net, Inc.
http://www.nonstopnet.net
email: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dave Wreski
Sent: Friday, October 13, 2000 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: I've been hacked
> Once hosts.allow and hosts.deny are modified do we need to restart a
> daemon or something? How does Linux know they've been updated?
No, you don't need to do anything. This assumes, of course, that the
service is in fact using TCP wrappers to begin with. You should check to
make sure after making a change. You can do this by excluding 'localhost'
from the hosts.allow file and doing something like:
# telnet localhost
which should return 'connection closed by foreign host'. You might find
some useful information here:
http://www.linuxsecurity.com/docs/
Later,
dave
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
