On Fri, 13 Oct 2000 13:16:16 -0700, "Spunk S. Spunk III" <[EMAIL PROTECTED]> wrote:
>
> It's one of those things... I don't NEED anonymous ftp but I left it on
> anyway. Either way, I had noticed last week that I had a few anonymous ftp
> connections which raised my suspicions but I didn't see anything else that
> alarmed me. But after getting back from a trip, I took a peek at my logs and
> found some bad things. Promiscuous eth0, garbage data in the logs, syslogd
> restarts etc... No big deal for me at this point. This was a test server I
> use and was planning on killing this weekend anyway. My questions are these:
>
> 1. How does one go about hacking a machine via ftp? I mean, it would be nice
> to understand HOW it is done in order to prevent it.
>
Here's one way this could have happened:
http://www.cert.org/advisories/CA-2000-13.html
I'm sure you'll get lots more advice on how to secure your (next) machine, but here
are some good things to do:
1. Keep your packages updated -- as vulnerabilities are discovered, new packages will
be released to fix them.
2. Many services can be set up to start through inetd (configure /etc/inetd.conf,
/etc/hosts.allow, /etc/hosts.deny). This will give you control over who can access
your services (you might want to make an ftp server available, but only to machines on
a local/internal network, etc).
3. Set up a firewall with ipchains (if you're using a 2.2.x kernel). This will also
let you control who gets to access your services.
4. Stop all services that you don't need.
5. Install Portsentry (or similar package) -- to detect portscans.
6. Install Tripwire (or similar package) -- to detect changes to critical files on
your system.
7. Read your logs regularly. This can be a pain if your logs get big, but there are
lots of tools out there which can summarize your logs to make the reading easier.
__
Larry Grover, PhD
Assoc Prof of Physiology
Marshall Univ Sch of Med
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
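
Item 7 applied to the symptoms described in the quoted message (anonymous FTP logins, garbage data in the logs, syslogd restarts, promiscuous eth0), as an added example that is not part of the original post: a small Python log summarizer. The sample lines are constructed, and the message patterns and the GARBAGE_MIN threshold are assumptions to adjust to what your own syslog emits.

```python
import re
from collections import Counter

# Constructed sample in classic syslog layout (not taken from the poster's machine).
SAMPLE_LOG = (
    "Oct  9 02:11:40 testbox ftpd[1204]: ANONYMOUS FTP LOGIN FROM host.example.net [192.0.2.10], guest@\n"
    "Oct  9 02:11:52 testbox ftpd[1204]: \x01\x9c\xfe\x07\xe3\x10\xaa\x02 lost connection\n"
    "Oct  9 02:13:05 testbox syslogd 1.3-3: restart.\n"
    "Oct  9 02:13:30 testbox kernel: device eth0 entered promiscuous mode\n"
    "Oct  9 04:02:01 testbox crond[1333]: (root) CMD (run-parts /etc/cron.daily)\n"
)

# Assumed message patterns; tune them to your daemons' actual wording.
RULES = [
    ("anon_ftp", re.compile(r"ftpd\[\d+\]: ANONYMOUS FTP LOGIN")),
    ("syslogd_restart", re.compile(r"syslogd\b.*\brestart")),
    ("promiscuous", re.compile(r"kernel: .*entered promiscuous mode")),
]
GARBAGE_MIN = 4  # assumed threshold: non-printable characters per line


def nonprintable(line):
    """Count characters outside printable ASCII (tabs are allowed)."""
    return sum(1 for c in line if not (32 <= ord(c) < 127) and c != "\t")


def scan(text):
    """Return (line_number, tag, line) for every line worth a human look."""
    hits = []
    # split on "\n" only, so stray control bytes do not break a record apart
    for n, line in enumerate(text.split("\n"), 1):
        for tag, rx in RULES:
            if rx.search(line):
                hits.append((n, tag, line))
        if nonprintable(line) >= GARBAGE_MIN:
            hits.append((n, "garbage", line))
    return hits


def summarize(hits):
    """Count hits per tag for a short daily summary."""
    return Counter(tag for _, tag, _ in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for n, tag, line in found:
        print(f"{n:>4} {tag:<16} {line!r}")
    print(dict(summarize(found)))
```

Run it against a copy of the logs kept off the suspect machine where possible, since logs on a compromised host may have been altered.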