Security Basics mailing list archives
RE: under attack
From: "Jonathan Pokrzyk" <jpokrzyk () matriximaging com>
Date: Wed, 17 Mar 2004 13:56:02 -0500
What ports did you have open to begin with that someone could've gotten in. -----Original Message----- From: Security Zone [mailto:seczone () i-nfinity com] Sent: Tuesday, March 16, 2004 1:46 PM To: Jorge Garcia Cc: security-basics () securityfocus com Subject: Re: under attack On Mon, 2004-03-15 at 18:35, Jorge Garcia wrote:
i discovered in my redhat server a openssh port open in port 1945 or
somethin like that.
now i filter the port with iptables but i want to do more. how can i close the port??
It depends on what starts it. As for me, i'd suggest you to check xinetd.
how can i get info about who did this and which program or prosses is
using this port?
how can i get any inpho about the attacker??
Try and see log files! First of all /var/log/messages, then the logs produced by sshd, and so on. I do not know so much iptables, i prefere PF under openbsd... but i suppose that iptables supports log files! at the very least, you'd know something about the IP...
thanx
------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- under attack Jorge Garcia (Mar 16)
- RE: under attack Niek (Mar 17)
- Re: under attack Fernando Gont (Mar 17)
- Re: under attack Security Zone (Mar 17)
- <Possible follow-ups>
- RE: under attack Jonathan Pokrzyk (Mar 17)