[NTLUG:Discuss] Weird Messages
Scott Womer
Scott at Womer.Com
Tue Jan 2 22:39:13 CST 2001
Along the same lines as the previous poster of this thread... hacking into
Linux servers. Or more accurately... being cracked. Every time I feel
like I've shut all the doors I could, someone comes in and blows them wide
open. In fact... this last time (01/01) I can't tell how the bastard(s) got
in.
I've been seriously hacked at least half a dozen times in the last six months
(that I know of), and one server twice now. Most of them were used as
launchpads for silly IRC bots, but one was used to launch DoS attacks on
other sites. The initial attack on me was traced back to the U of Israel,
and the servers attacked from my machine were, like my employer, large
utility companies. Am I just paranoid, or does that smell of informational
terrorism against our country's infrastructure?
Now I'm at the point where I need to ask for help. On my test server, which
coincidentally seems to be their main interest, I've tested Bastille, but
it screwed me up so bad I had to reinstall just to get the blasted thing to
boot again. I've updated every piece of software installed to the latest
stable version, and I've shut down most all services; the only non-essential
daemon running is sendmail. I can telnet and ftp as a user, but nothing
anonymous. I'm running PortSentry, which gives me a false sense of security
because it only blocks the scanners; it's not helping me now that they know
where I'm at.
I've made major gains at getting Linux accepted at my company, and I know
others in my industry are watching me closely and I really don't want to
give them an excuse to not trust Linux.
I need help with Bastille... what options work well? I need input as to
other utilities that are known to help, like monitoring the file system for
any changes. How can I set up servers to only allow certain services, like
http, to be widely accessible, but shut everything else down to just a couple
of IPs that can access them? And anything else really....
I fancy myself a fairly decent Unix admin, a 13-year HP-UX admin by profession
and a 6-year Linux admin by religion. So you'd be hard-pressed to talk over
my head.
Even though I ask for input for my own benefit, I think an extended thread
on this subject would benefit the group as a whole.
Thanks,
Scott Womer