Re: Thanks to Amanda Owens and Jan Carlson for security info. Now, questions...

[Alan Mead <adm ipat com>]

At 03:07 PM 10/12/99 EDT, George Lenzer wrote:

>Following the advice of A.O. and J.C., I did a fresh re-install of RedHat 
>[...]

This is all very good.  I assume you also installed all the RH updates and
are watching for new problems on the security list?  And that you've been
reading about security starting with the obvious (Security-HOWTO,
https://www.seifried.org/lasg/, ...)?

>In /etc/hosts.deny:
>
>telnetd: ALL

Better still, 

ALL:ALL

>I was then able to telnet within my network.  I then tried it from a 
>friend's house and was denied access.  Everything seemed to be working as I 
>hoped.  However, this morning, I tried from work and I got the login prompt. 
>  I haven't allowed access to this IP range at all.  Again, did someone 
>compromise my machine and alter the behavior of tcp wrappers?  Are the 
>entries I made wrong?

This sounds very, very odd if you truely were denied from your friend's...
You should have a record of that refusal in /var/log/secure...  But my
guess is that something else (like maybe a DNS problem) prevented you from
connecting from your friends.  Conceivably you've been cracked.... but I
doubt it.

You restarted inetd after modifying hosts.* ?


---
Alan D. Mead  /  Research Scientist  /  adm ipat com
Institute for Personality and Ability Testing
1801 Woodfield Dr  /  Savoy IL 61874 USA
217-352-4739 (v)  /  217-352-9674 (f)