[Techtalk] Server was hacked into; looking for tips on how to secure it

Brenda Bell k15a-list-linuxchix at theotherbell.com
Mon Feb 24 09:32:53 EST 2003


Quoting jennyw <jennyw at dangerousideas.com>:

> About Postfix being configured for an open relay -- it wasn't. I
> checked with orbsdb and others to make sure

Really stupid question:  did you have orbs run a check on your IP to
actually test you for a relay?  Or did you just check to see if you
were listed?  They're two different things, yes?  If you haven't
physically had the mail server tested as an open relay, you can do so
at http://www.abuse.net/relay.html

> The reason mail got through was because (according to logs)
> mail was sent either from 127.0.0.1 or 127.0.0.50

When I was setting up my firewall, I remember reading something that
said it's possible to spoof internal addresses and they suggested
including rules for certain IPs.  I run NetBSD so my anti-spoofing
rules look like this:

# RFC 1918 private address space
block in quick on tlp1 from 192.168.0.0/16 to any
block in quick on tlp1 from 172.16.0.0/12 to any
block in quick on tlp1 from 10.0.0.0/8 to any
# loopback (the whole /8, not just 127.0.0.1)
block in quick on tlp1 from 127.0.0.0/8 to any
# "this" network and link-local
block in quick on tlp1 from 0.0.0.0/8 to any
block in quick on tlp1 from 169.254.0.0/16 to any
# TEST-NET (documentation) and the reserved Sun cluster block (RFC 3330)
block in quick on tlp1 from 192.0.2.0/24 to any
block in quick on tlp1 from 204.152.64.0/23 to any
# multicast plus reserved class E
block in quick on tlp1 from 224.0.0.0/3 to any

-- 
Brenda
http://opensource.theotherbell.com
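An added example, not code from Brenda's post or from the ipf project: the same martian-source filter expressed in Python, so the logic of the rules above can be exercised against sample packets. The prefix list and the external interface name tlp1 come from the post; the loopback interface name lo0 and the sample packets are assumptions constructed for the demonstration.

```python
"""Martian (anti-spoofing) ingress filter modelled on the ipf rules above.

Added example; not code from the original post.  The prefix list is the
one in the rules and 'tlp1' is the poster's external interface.  'lo0'
is assumed here as the loopback interface name, and the sample packets
are constructed for the demonstration.
"""
import ipaddress

EXTERNAL_IF = "tlp1"  # external interface named in the post
LOOPBACK_IF = "lo0"   # assumption: NetBSD loopback interface name

# Source prefixes that must never arrive from the outside, in the order
# of the ipf rules in the post.
MARTIAN_PREFIXES = [ipaddress.ip_network(p) for p in (
    "192.168.0.0/16",   # RFC 1918 private
    "172.16.0.0/12",    # RFC 1918 private
    "10.0.0.0/8",       # RFC 1918 private
    "127.0.0.0/8",      # loopback, all of it (127.0.0.50 included)
    "0.0.0.0/8",        # "this" network
    "169.254.0.0/16",   # link-local
    "192.0.2.0/24",     # TEST-NET, documentation
    "204.152.64.0/23",  # reserved Sun cluster interconnect (RFC 3330)
    "224.0.0.0/3",      # multicast and reserved class E
)]


def matching_prefix(src):
    """Return the martian prefix containing src, or None if it is routable."""
    ip = ipaddress.ip_address(src)
    for net in MARTIAN_PREFIXES:
        if ip in net:
            return net
    return None


def should_block(iface, src):
    """Decide an inbound packet's fate as 'block in quick on tlp1' would.

    Only the external interface is filtered: 127.0.0.50 arriving on the
    loopback interface is legitimate local traffic and is let through.
    """
    if iface != EXTERNAL_IF:
        return False
    return matching_prefix(src) is not None


def ipf_rules(iface=EXTERNAL_IF):
    """Regenerate the rule lines from the prefix list, so the list and the
    loaded ruleset cannot drift apart."""
    return [f"block in quick on {iface} from {net} to any"
            for net in MARTIAN_PREFIXES]


def audit(packets):
    """packets: iterable of (iface, src).  Returns the blocked packets as
    (iface, src, prefix) tuples, in input order."""
    hits = []
    for iface, src in packets:
        if should_block(iface, src):
            hits.append((iface, src, str(matching_prefix(src))))
    return hits


# Constructed sample traffic: a loopback-sourced packet arriving on the
# outside interface (spoofed), genuine loopback traffic, an RFC 1918
# source from outside, and an ordinary public-looking address.
SAMPLE_PACKETS = [
    (EXTERNAL_IF, "127.0.0.50"),
    (LOOPBACK_IF, "127.0.0.50"),
    (EXTERNAL_IF, "192.168.1.10"),
    (EXTERNAL_IF, "203.0.113.9"),
]

if __name__ == "__main__":
    for line in ipf_rules():
        print(line)
    for iface, src, net in audit(SAMPLE_PACKETS):
        print(f"BLOCK {iface} {src} (matches {net})")
```

The `on tlp1` qualifier is what makes the 127.0.0.0/8 rule safe: the same block applied to every interface would also drop the real loopback traffic that Postfix, like most local daemons, depends on. Note also that a blindly spoofed TCP source cannot complete the three-way handshake, so SMTP sessions logged from a loopback address are more often a process on the machine itself than a forged packet from outside; the filter still belongs on the external interface, but the log entries deserve a look at what was running locally.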