[plug] Security

John Summerfield summer at os2.ami.com.au
Wed Jun 16 14:34:05 WST 1999


> Hi All,
> 
> In an effort to be productive while procrastinating (exam today that I
> can't get motivated about studying for) I was having a wander thru my
> sys logs and discovered that there have been a couple of attempts to
> connect to my box. Silly me thought that most things would be OK sitting
> behind an ISP for protection.
> 
> The attempted connects were from telnet, finger, imap and pop-3. I've
> been through inetd.conf now and commented out the telnet, ftp and gopher
> bits as well as the pop and imap services to be a little more secure. I
> don't need these services as the machine is not connected to a network,
> I just use it as a workstation and for dial-up net access.
> 
> What other signs for attack should I be protecting against and how do I
> be more secure in future?
> 
> I don't think the attacks have been successful. The secure log showed
> the connection attempts but no login sessions were granted so I think
> it's OK for now.

If you're running a web server, watch for accesses to three CGI scripts 
and nothing else.

It's a regular event; happens to one of my machines about twice a week, 
has been for about a year since I noticed. So far, the hackers have got no 
further.

It's wise to apply all updates relevant to your system. For added security 
you can also firewall yourself with ipchains (2.2 kernels and patched 2.0) 
or ipfwadm (2.0 only). May require you rebuild your kernel with the 
firewall support.

Alan Cox has a patch that's not in 2.2 kernels (except the updated RHL 6.0 
2.2.5 kernel) that you might like to add.



-- 
Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.
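
Added example (not part of the original message): a shell check for the inetd.conf clean-up described in the question, reporting any of the services named in the thread that are still enabled. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Services named in the thread; extend the list to suit the machine.
RISKY="telnet ftp gopher pop-3 imap finger"

# risky_enabled [FILE...]  (reads stdin when no file is given)
# inetd.conf fields: service socktype proto wait user server args...
# Prints "service<TAB>daemon" for each listed service that is still active.
risky_enabled() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ { next }     # commented-out entry, already disabled
        /^[ \t]*$/ { next }     # blank line
        NF >= 6 && ($1 in want) {
            # when the entry is wrapped by tcpd, the real daemon is field 7
            prog = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6
            print $1 "\t" prog
        }
    ' "$@"
}

# Constructed sample in inetd.conf format (not taken from the poster's machine).
sample_conf() {
    cat <<'EOF'
#telnet stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
  # pop-3 stream  tcp   nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
EOF
}

# Audit the file given as $1 (default /etc/inetd.conf) when it is readable,
# otherwise run against the constructed sample.
CONF="${1:-/etc/inetd.conf}"
if [ -r "$CONF" ]; then
    risky_enabled "$CONF"
else
    sample_conf | risky_enabled
fi
```

inetd only rereads its configuration on SIGHUP, so an entry commented out in the file stays live until the daemon is signalled or restarted.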



