Hi,
I run an older version of shorewall (1.4.2) and need some helping setting up
some rules.
I received an abusenet notification that one of my servers is being used to
hack elsewhere. I don't know if anyone here is familiar with
Linux.Backdoor.Small.o, any help would be greatly appreciated.
The suggestion I received is to block outbound traffic:
> outbound traffic either source or destination using ports: 6, 8, 17,
> 1025, 1433, 1434, 1435, 2798, 2967, 2968, 5761, & 5900
Certainly, first I'd like to determine which application is leaving the open
door, I'm guessing it's my apache. But in any case I need to close down the
backdoor by blocking at shorewall as well.
Thanks for any help.
Ricardo
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
