Re: Break-in attempts to Linux host
NHE>> I have had a similar experience, and the attacker was using a dialin IP
NHE>> from Internet Zahav, and tried to break into my home pc (running Linux,
NHE>> of course). This happened about 6 weeks ago, and although I have the IP
NHE>> and exact time of the break-in attempt, I must admit I didn't do anything
NHE>> about it. If anyone is interested, I can give him these details.

Well, I see such incidents almost every day... Portscans, trying to
exploit old holes (even the phf one!), etc. I can only imagine how many of them
are yet defeated by router and firewalling rules... I usually report none
(most of them are from some .my dialups or, otherwise, AOL dialups - who
cares there about a puny Israeli admin); if someone gets persistent (i.e.
more than one attempt), I firewall it out. Usually this should mean a
cracked box used as a base for more cracks - I did investigate one case
and revealed an exploitable imapd hole. I even had a thought to get in and wipe
the kids out of the system, but then I thought - why should I do it? It's
not my business. So I wrote a letter to root@ and root@ up the food chain
and blocked it by ipfwadm...

NHE>> Another note: "know who your neighbors are". If your computer
NHE>> sits in your ISP on the same segment (using a hub) as other
NHE>> clients' computers, and you send clear-text passwords (e.g.,

No good!

NHE>> *still* use telnet, non-anonymous ftp, or non-ssh-tunneled
NHE>> pop3/imap), then you're screwed... If anyone breaks into a

On the other side - what should you do with FTP? You have to have FTP at
least for Windows users who don't even have a decent SSH client at
hand, to say nothing of some secure FTP thing... And with SSH it is the same -
try to force a user from his beloved Eudora/Netscape/Out-of-luck Express.
Security is your problem, not theirs, they don't care. Yes, it isn't a shell
account yet, but it is an account - that's already nasty and can lead at
least to a website losing its face or data compromise.
--
frodo@sharat.co.il \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-3-9316425 /\ JRRT LotR.
http://sharat.co.il/frodo/ whois:!SM8333
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il
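
The triage rule described in the message above (let a single probe pass, block a source once it makes more than one attempt), sketched as a check for phf probes in a web server log. This is an added example, not part of the original post; the Common Log Format input, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Common Log Format; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:03:14:07 +0200] "GET /cgi-bin/phf HTTP/1.0" 404 208
198.51.100.7 - - [01/Jan/2000:03:20:41 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [01/Jan/2000:09:02:55 +0200] "GET /cgi-bin/PHF HTTP/1.0" 404 208
203.0.113.5 - - [02/Jan/2000:11:47:19 +0200] "GET /cgi-bin/phf HTTP/1.0" 404 208
this line is truncated or malformed
192.0.2.10 - - [03/Jan/2000:01:30:02 +0200] "GET /cgi-bin/%70hf HTTP/1.0" 404 208
"""

# host ident user [timestamp] "method target protocol" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def phf_probes(log_text):
    """Map source address -> timestamps of requests for the phf CGI."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        src, when, _method, target, _status = m.groups()
        # Drop the query string, decode %xx escapes, compare case-insensitively,
        # so trivially disguised requests for the same script still count.
        path = unquote(target.split("?", 1)[0]).lower().rstrip("/")
        if path.rsplit("/", 1)[-1] == "phf":
            hits[src].append(when)
    return dict(hits)


def persistent_sources(log_text, min_attempts=2):
    """Sources that probed more than once: the post's bar for blocking."""
    probes = phf_probes(log_text)
    return sorted(s for s, t in probes.items() if len(t) >= min_attempts)


if __name__ == "__main__":
    for src in persistent_sources(SAMPLE_LOG):
        print(src, phf_probes(SAMPLE_LOG)[src])
```

The returned addresses are candidates for a packet-filter deny rule and for a report to the source network's administrators, as the message describes.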