hack attempt on my server...What do you do about this?
David Cary Hart
Fedora at TQMcube.com
Sat Jul 17 20:40:26 UTC 2004
On Sat, 2004-07-17 at 16:26, Craig White wrote:
> - a good hacker would use another system to attack other systems to hide
> the originating ip address.
>
> - a good hacker would never make a feeble attempt such as the one you
> described
>
> - a good hacker would more than likely gain access and remove the log
> entries to cover his tracks. The 2 boxes that I have had hacked were
> done well and not easy to spot.
>
It's quite possible that this is nessus proxied through another system.
While I log everything to DShield, the priority is protection.
Complaints to RIPE are a waste of time.
> - this message base is not going to provide nearly the breadth necessary
> to cover security issues. If you are responsible for security, you
> probably have to do a lot of reading (I would suggest Linux Hacking
> Exposed), as you will probably want to consider things like tripwire and
> not just iptables rulesets and logging.
>
I suggest that you not make the task too daunting. Start with IPTables
and block everything by default. That is clearly the first step (aside
from a strong password scheme).
> Craig