[plug] hacked system
Gavin Rogers
grogers at vk6hgr.echidna.id.au
Sun Mar 19 14:04:34 WST 2006
At 01:45 AM 20/03/2006, you wrote:
> I'm currently rebuilding another system and would like to put in
> preventive measures to ensure this does not happen again.
Hi Jon.
Three words: Logs, logs and logs. As much as you do to prevent miscreants
from attacking your machine, you also need to be able to see what they did
or are trying.
If you can, send the syslog output to a remote machine (syslog can do this
built in) for security and bump up the log output on all daemons. For sshd
I use:
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
>Since the only apps the client uses are ssh and mail these should be the
>only ports open.
>Just curious, is it possible for an infected computer to make available an
>open port from a client's desktop? By this I mean if an infected PC is
>sending information out a socket will open on the firewall, is it possible
>for this socket to be compromised and leave open a port?
There are a few worms going around right now that hammer ssh with trivial
username/password combos (like webmaster/webmaster). For a machine only
running ssh, it's a likely break-in point.
Cheers,
Gavin.
---
Gavin Rogers | Amateur radio station VK6HGR
http://www.livingwaters.com/good | http://vk6hgr.ampr.org/
ICQ: 17230395 MSN/Skype/Email: grogers at vk6hgr.echidna.id.au
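
An added example, not part of the original message: one way to review the sshd syslog output recommended above for the kind of password-guessing runs the message describes. The log lines are constructed samples in the usual OpenSSH syslog format; the function name summarize and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the post).
SAMPLE_LOG = """\
Mar 19 13:02:11 box sshd[1234]: Failed password for invalid user webmaster from 192.0.2.10 port 40022 ssh2
Mar 19 13:02:13 box sshd[1236]: Failed password for invalid user admin from 192.0.2.10 port 40025 ssh2
Mar 19 13:02:15 box sshd[1238]: Failed password for root from 192.0.2.10 port 40030 ssh2
Mar 19 13:02:18 box sshd[1240]: Accepted password for test from 192.0.2.10 port 40031 ssh2
Mar 19 13:10:40 box sshd[1300]: Failed password for jon from 198.51.100.7 port 51000 ssh2
Mar 19 13:10:52 box sshd[1300]: Accepted password for jon from 198.51.100.7 port 51000 ssh2
""".splitlines()

# Matches both failed and accepted authentications; older OpenSSH releases
# logged "illegal user" where newer ones log "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(lines, threshold=3):
    """Return {ip: stats} for sources with at least `threshold` failed logins."""
    stats = defaultdict(
        lambda: {"failures": 0, "users": set(), "accepted_after": []}
    )
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication line
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= threshold:
            # A login that succeeds after a run of failures from the same
            # source is the entry to investigate first.
            s["accepted_after"].append(m["user"])
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]), s["accepted_after"])
```

Run it against the copy of the log held on the remote syslog host, since a log stored on the compromised machine itself may have been altered.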