[Techtalk] Re: iptables help needed ...
Raven Alder
raven at oneeyedcrow.net
Fri Dec 20 01:59:48 EST 2002
Heya --
Quoth txjulie at austin.rr.com (Thu, Dec 19, 2002 at 10:41:46PM -0600):
> On Tuesday I tried to switch from ipchains to iptables for a
> firewall. Apparently I did something very wrong because last
> night I got hacked and root-kitted and all sorts of bad things.
Any idea of how it happened? (Root's .bash_history or
something? Signatures in the logs?) Knowing how they got in will
help prevent it happening again. A good firewall is a thing of
beauty, but if the service they exploited is one that's allowed
through the firewall then you're still in trouble.
> I'd love to send y'all the iptables rules I used, but I had to
> reinstall this thing -- I didn't want to risk backing up my
> new files only to include my new rootkit infestation ...
Yeah -- levels of appropriate paranoia. [grins] Hope you had
recent backups.
> So ... could y'all be so kind as to help? Please? I feel
> like a dope ;-(
Sure. What is going to be behind the firewall, what did you
want to let through, and what did you want to keep out?
Cheers,
Raven
"I'm cursed/blessed/strange about that, I guess."
-- Rick, regarding his affinity for foreign-policy geeks
More information about the Techtalk
mailing list