[techtalk] Tightening Security

Mary Gardiner mary at puzzling.org
Tue Feb 20 22:42:13 EST 2001


On Tue, Feb 20, 2001 at 01:44:04AM -0500, Christian MacAuley wrote:
> On Monday 19 February 2001 17:53, you wrote:
> 
> > It could also mean that your box has been cracked.  What ports has it
> > supposedly been scanning?
> 
> Today the server was reported to have made a SYN attack against some network
> at a college.  A few days ago a man emailed me complaining that the server
> was probing port 53 on his computer.  The box has 1 static IP and isn't a
> gateway, so no other computers are permitted to use its IP address.
> 
> Thanks for the suggestions ... I'm going to start locking down tomorrow.

Um... if people are reporting those kinds of attacks it is quite probable your
box has been compromised and is being used as part of an attack against
other servers.

Run nmap with the -p 1- flag to scan all ports - a high port may be open
to allow access to your box. If you can install new copies of basic tools
such as bash, ls, ps etc from checksummed downloads that would be good.

And then you really should actually re-install, clean, and shut down ports
*before* letting the box onto an internet connection again. Since they'll
know the IP address again, it will need to be tight.

Mary.

-- 
Mary Gardiner
<mary at puzzling.org>
GPG Key ID: 77625870
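
An added example, not part of the original message: one way to act on the full-range scan suggested above is to save nmap's grepable output (`-oG`) and compare the open ports against the services the box is supposed to offer. The sample scan text, the addresses and the `EXPECTED` allow-list are constructed assumptions.

```python
"""Flag unexpected open ports in nmap grepable (-oG) output."""

# Constructed sample of what `nmap -p 1- -oG scan.gnmap <your-host>` writes.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.org)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.org)\tPorts: 22/open/tcp//ssh///, "
    "53/closed/tcp//domain///, 80/open/tcp//http///, "
    "31789/open/tcp//unknown///\tIgnored State: filtered (65531)\n"
)

# Assumption: the only services this box is meant to offer.
EXPECTED = {(22, "tcp"), (80, "tcp")}


def open_ports(grepable_text):
    """Return {host: set of (port, proto)} for every port reported open."""
    found = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment and summary lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    found.setdefault(host, set()).add((int(parts[0]), parts[2]))
    return found


def unexpected_ports(grepable_text, expected):
    """Return sorted (host, port, proto) tuples that are open but not expected."""
    return sorted(
        (host, port, proto)
        for host, ports in open_ports(grepable_text).items()
        for port, proto in ports
        if (port, proto) not in expected
    )


if __name__ == "__main__":
    for host, port, proto in unexpected_ports(SAMPLE_SCAN, EXPECTED):
        print(f"{host}: unexpected open port {port}/{proto}")
```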



