Hi!

There are two daemons out there that detect port scans. You should use
both at the same time because they detect different things (like virus
protectors). A nice setup is to have both daemons write their output into
one file and EMAIL the diffs of this file each hour to another account.
That way someone has a maximum of 60 minutes to do a) scanning, b)
hacking and c) detecting all the tripwires before he can deactivate the
notification. But also notice the following things:

a) There is almost always a scan before a hack attempt. But there
are many more scans than hack attempts (note the direction of the
implication!).

b) Port scans are _not_ illegal (at least in Germany). That might be why
web servers are scanned relatively often. Also ICQ and napster use these
techniques to find an open port in firewalls.

Another nice idea is to substitute telnet and ftp with some service that
sends an alarm message to you. Perhaps you could also just make them
look the same as telnet and ftp but let them collect every single
keystroke (some sort of "honeypot") :-).

Links:
http://www.openwall.com/scanlogd/
http://packetstorm.securify.com/linux/security/
http://www.psionic.com/abacus/portsentry/
http://sdetect.sourceforge.net/

Tobias
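
The hourly-diff setup described above, as an added example that is not part of the original message: a cron job that mails only what was appended to the combined log since the last run, and reports a log that shrank or vanished. The log path, state file, recipient and script path are assumptions, as is having both detectors log into that one file.

```sh
#!/bin/sh
# Added example. Assumed, not from the message: both scan detectors log to
# $LOG (e.g. through syslog), and the LOG/STATE/RCPT values below.
LOG="${LOG:-/var/log/portscan.log}"
STATE="${STATE:-/var/lib/scanmail/offset}"
RCPT="${RCPT:-alerts@example.org}"   # the "other account" that gets the mail

# new_lines LOG STATE
# Print what was appended to LOG since the previous run and store the new
# size in STATE. A missing or shrunken log produces a WARNING line, so
# deleting or truncating the log also triggers a mail.
new_lines() {
    log=$1
    state=$2
    if [ ! -r "$log" ]; then
        echo "WARNING: $log is missing or unreadable"
        return 0
    fi
    size=$(wc -c < "$log" | tr -d ' ')
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    case $last in ''|*[!0-9]*) last=0 ;; esac   # ignore a corrupt offset
    if [ "$size" -lt "$last" ]; then
        echo "WARNING: $log shrank from $last to $size bytes, resending all"
        last=0
    fi
    # Bytes last+1 .. size only; anything written while we run is picked
    # up by the next run instead of being sent twice.
    tail -c "+$((last + 1))" "$log" | head -c "$((size - last))"
    echo "$size" > "$state"
}

# Mail the report only when there is something to report.
main() {
    report=$(new_lines "$LOG" "$STATE")
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "scan log on $(hostname)" "$RCPT"
    fi
}

# crontab entry (hourly):  0 * * * * /usr/local/sbin/scanmail.sh run
if [ "${1:-}" = run ]; then main; fi
```
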
marc fleury wrote:
>
> yes, my home machine was hacked as well and then my provider machine from
> there hence jboss down.
>
> It also proves "dreamhost" detected the intrusion (as I did) but wasn't able
> to do anything to prevent it or repair it. :(
>
> I had to reinstall linux as well. It seems the first script kiddies were
> good and just "parasited" the machine but didn't damage it (and I don't mind
> some parasites, all trees have them). But then a "sloppy" script kiddy came
> along and boom.
>
> So being badly raped when I was a "security newbie" I decided to look at it
> in detail.
>
> Fascinating, had a great time, didn't sleep much last week :)
>
> essentially I disable EVERYTHING (telnet, ftp), I use xinetd which is more
> secure than inetd and then I turn off all the services in xinetd but pop3s a
> secure pop version on ssl. ssh is the only way to get in (telneat really
> good on windows) Of course I do all the installation off line. And then I
> put "tripwire" to monitor the main directories turn it on, once it is on I
> put the machine online.
>
> then I downloaded a rootkit and diagnosed my own machine for attacks :)
> fascinating.
>
> so much fun. Anyone knows of a good "scan detector"?
>
> marc
>
> |-----Original Message-----
> |From: [EMAIL PROTECTED]
> |[mailto:[EMAIL PROTECTED]]On Behalf Of Filip Hanik
> |Sent: Monday, January 22, 2001 10:22 AM
> |To: jBoss Developer
> |Subject: [jBoss-Dev] securing your servers
> |
> |
> |Just wanted to let everybody that run RedHat at home (maybe even the JBoss
> |servers?)
> |I got hit by the Ramen Noodle worm on my server at home (I forgot to turn
> |off some inetd services - in this case the print service) and my machine
> |got rooted.
> |This means, I have to reinstall my machine from scratch, so be careful all
> |of you who run Linux (especially redhat).
> |If you run FreeBSD you're safe!! :)
> |
> |take a look at the article
> |http://news.cnet.com/news/0-1003-200-4508359.html?tag=st.ne.1430735..ni
> |
> |Filip
> |
> |~
> |Namaste - I bow to the divine in you.
> |~
> |Filip Hanik
> |Technical Architect
> |[EMAIL PROTECTED]
> |
> |----- Original Message -----
> |From: "marc fleury" <[EMAIL PROTECTED]>
> |To: "jBoss Developer" <[EMAIL PROTECTED]>
> |Sent: Monday, January 22, 2001 9:55 AM
> |Subject: RE: [jBoss-Dev] jndi/UserTransaction
> |
> |
> |Hello,
> |
> |sorry for the delay I am finally out of the water re website (well almost).
> |
> |I am very interested in an integration of
> |a/new TM or extended TM
> |b/ Jeremie from France Telecom... it is the new JOnAS TM and I believe we
> |can buy ourselves distributed TM with it.
> |
> |let me know if you have time/energy/will to take that on. To be quite frank
> |I am thinking b/ first then talk to ole on possibilities for a/,
> |
> |marc
> |
> |
> ||-----Original Message-----
> ||From: [EMAIL PROTECTED]
> ||[mailto:[EMAIL PROTECTED]]On Behalf Of Sethi , Manish
> ||Sent: Sunday, January 14, 2001 7:51 AM
> ||To: 'jBoss Developer '
> ||Subject: RE: [jBoss-Dev] jndi/UserTransaction
> ||
> ||
> ||Hi Everybody,
> ||
> ||Writing very first mail to the group.
> ||
> ||I have gone through present implementation of JTA. I want to help in its
> ||development. Now what I want to know is what should we choose out of
> ||the following for this job.
> ||
> ||1. Should we implement JTS/OTS specs at the back. (Probably we would have to
> ||start from scratch...)
> ||
> ||OR
> ||
> ||2. Should we think of some mechanism of just making TXContext
> ||movable around
> ||the multiple JVM...
> ||
> ||
> ||-Manish
> ||
> ||
> ||-----Original Message-----
> ||From: marc fleury
> ||To: jBoss Developer
> ||Sent: 1/12/01 10:34 AM
> ||Subject: RE: [jBoss-Dev] jndi/UserTransaction
> ||
> |||Is there a known historical fix for this, such as substituting a different
> |||JTA implementation or JNDI implementation? That is, has someone already
> ||
> ||hi,
> ||
> ||the jndi implementation is an orthogonal issue. We need to plug in a
> ||distributed monitor (JTS/JTA) and hook it up to jndi. The plumbing
> ||(propagation, thread association) is already there as it is an
> ||adaptation of
> ||the old jboss1.0 code.
> ||
> ||For the record, jboss1.0 used JOnAS distributed TM to provide
> ||distributed
> ||transactions. We deliberately removed it from 2.0 to provide fast in VM
> ||tm.
> ||
> ||Plugging a new TM is what is needed.
> ||
> ||marc
> ||
> ||
> |||provided this functionality in the past and able to offer suggestions?
> |||Distributed JTA and UserTransaction access by remote clients
> |||through JNDI is
> |||spec-required.
> |||
> |||Sean
> |||
> |||on 1/11/01 11:17 PM, marc fleury at [EMAIL PROTECTED] wrote:
> |||
> |||> userTransaction is for beans right now. I.e visible in JNDI of beans, but
> |||> NOT the global JNDI.
> |||>
> |||> marc
> |||>
> |||>
> |||> |-----Original Message-----
> |||> |From: [EMAIL PROTECTED]
> |||> |[mailto:[EMAIL PROTECTED]]On Behalf Of Scott M Stark
> |||> |Sent: Wednesday, January 10, 2001 8:08 PM
> |||> |To: jBoss Developer
> |||> |Subject: Re: [jBoss-Dev] jndi/UserTransaction
> |||> |
> |||> |
> |||> |Can't you just access it via the context.getUserTransaction() method?
> |||> |It is bound under java:comp/UserTransaction, but this is only available
> |||> |from within the EJB while the container is executing a method. It's
> |||> |not visible via jndiView.
> |||> |
> |||> |
> |||> |----- Original Message -----
> |||> |From: "Peter Braswell" <[EMAIL PROTECTED]>
> |||> |To: "jBoss Developer" <[EMAIL PROTECTED]>
> |||> |Sent: Wednesday, January 10, 2001 7:20 PM
> |||> |Subject: [jBoss-Dev] jndi/UserTransaction
> |||> |
> |||> |
> |||> |> All,
> |||> |>
> |||> |> I don't see (jndiView) where a UserTransaction is
> |||> |> bound. I didn't find in the mail archives or docs
> |||> |> anything indicating how this gets bound...
> |||> |>
> |||> |> Any hints?
> |||> |>
> |||> |> peter
> |||> |>