[plug] hacked system

Jon Miller jlmiller at mmtnetworks.com.au
Mon Mar 20 01:45:24 WST 2006


Looking for a procedure/suggestions to determine how and when a hacked system was compromised. I'm currently rebuilding another system and would like to put in preventive measures to ensure this does not happen again. I have a feeling that one of the packages was outdated, but not sure.
Since the only apps the client uses are ssh and mail, these should be the only ports open.
Just curious: is it possible for an infected computer to make available an open port from a client's desktop? By this I mean, if an infected PC is sending information out, a socket will open on the firewall; is it possible for this socket to be compromised and leave open a port?

Thanks


Jon
I will tighten the ssh port to only allow ssh access from certain IP addresses and only as a user with an account.


