| Thread ID: 24048 | 2002-09-02 07:06:00 | Paranoia, and yet even more linux | Chris Wilson (431) | Press F1 |
| Post ID | Timestamp | Content | User |
|---|---|---|---|
| 75745 | 2002-09-02 07:06:00 | I have been noticing that I almost always have the "activity" light on the cable modem flashing, but no activity to the 'doze box that collects mail and creates random activity. cableM---- linux box-----hub----'doze box. There is a separate card to the cable modem and the 'doze box. The hub is only there because I have a hub, but no xover cable. On the linux box I am running a webserver, but the logs say that there has been little activity. I am wondering if there are any logs that would tell me what the traffic in/out is/was. And (I know the risk I'm taking) if anyone who knows their way through linux wants to hack in, and tell me what doors are open, I'd appreciate it. ip:202.0.37.227 Is there a good online test similar to the windows online tests that tell what obvious vulnerabilities exist? | Chris Wilson (431) |
| 75746 | 2002-09-02 07:07:00 | BTW I'm running SuSE 8.0 | Chris Wilson (431) |
| 75747 | 2002-09-02 07:39:00 | I don't think posting your IP was a good idea, especially if you don't have the latest patches installed for any services you are running. You can test for open ports the same as on windows with sites like: http://scan.sygatetech.com/ | bmason (508) |
| 75748 | 2002-09-02 07:53:00 | Next question: the 4 ports that were open for no good reason, 25, 110, 113, 443... How do I shut them? | Chris Wilson (431) |
| 75749 | 2002-09-02 08:28:00 | Port 25 = SMTP for sending email. Try disabling that. Port 110 = POP3 for receiving email. 113 and 443, not sure. Though I'm surprised that port 80 wasn't accessible. | -=JM=- (16) |
| 75750 | 2002-09-02 10:44:00 | I'd have a look here (www.cert.org) as there is something worth a look at. | -=JM=- (16) |
| 75751 | 2002-09-02 10:53:00 | You can get a list of active connections by running "netstat -tcp" at the terminal. If the mail ports are open to the world it's possible that the activity is caused by someone (a spammer) using your system to send mail. To close the mail ports you will need to shut down your mail programme (probably either sendmail or postfix). You can shut them down immediately by running as root: "/etc/init.d/postfix stop" or "/etc/init.d/sendmail stop". To stop it from loading at startup, you can either uninstall postfix/sendmail or use your distro's tool (e.g. drakxservices on Mandrake). /etc/services can be used to match a port to a service; 113 is IDENT and 443 is HTTPS. | bmason (508) |
| 75752 | 2002-09-02 11:21:00 | Hi Chris, your CD comes with a number of security tools on it. You can load nmap and SAINT, which are both scanners cum sniffers. Also, if you go via KDE Quick Browser - Root - etc - then expand to services. Services will give you all the tcp/udp port numbers that are available as well as what they are for. Note that these are NOT the services that you are running. SuSE also has a built-in firewall configurator accessible through YaST2. | Gorela (901) |
| 75753 | 2002-09-02 11:28:00 | Whoops, forgot to mention that if you think you have been hacked, go to http://www.chkrootkit.org and download this program. It checks for suspicious file mods that quite often mean that you have been hacked. Also, SuSE comes with Portsentry and Snort. Snort is an IDS that detects unauthorised or suspicious behaviour and Portsentry can be used to block certain addresses, among other things. | Gorela (901) |
| 75754 | 2002-09-02 12:55:00 | -=JM=-, 80 was open, as you expected... but for good reason, it being a server, so I didn't mention it. | Chris Wilson (431) |
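A small audit script, added here and not posted by anyone in the thread, that does what bmason and Gorela describe: list the TCP ports the box is listening on (netstat), match each port name against /etc/services, and mark anything outside the set you expect to be public (here only the web server on port 80) for review. The netstat listing and the services excerpt are constructed samples in the real files' format; on a live box you would feed it the output of "netstat -tln" and the real /etc/services instead.

```shell
#!/bin/sh
# Constructed sample in "netstat -tln" format (listening TCP sockets only);
# the real box's output will differ.
NETSTAT_SAMPLE=$(mktemp)
cat >"$NETSTAT_SAMPLE" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
# Constructed excerpt in /etc/services format (use the real file on a live box).
SERVICES_SAMPLE=$(mktemp)
cat >"$SERVICES_SAMPLE" <<'EOF'
# service  port/proto  aliases
smtp      25/tcp    mail
http      80/tcp    www
pop3      110/tcp   pop-3
auth      113/tcp   ident
https     443/tcp
ipp       631/tcp
EOF
trap 'rm -f "$NETSTAT_SAMPLE" "$SERVICES_SAMPLE"' EXIT
# Look a TCP port number up in a services file; prints "unknown" if absent.
service_name() {   # $1 = port, $2 = services file
  awk -v p="$1" '$2 == (p "/tcp") { print $1; found = 1; exit }
                 END { if (!found) print "unknown" }' "$2"
}
# Classify each listening TCP socket as "port name expected", "port name local-only"
# (bound to loopback, so not reachable from the cable side) or "port name REVIEW".
audit_ports() {   # $1 = netstat file, $2 = services file, $3 = expected ports, e.g. "80 443"
  awk '$1 == "tcp" && $NF == "LISTEN" { print $4 }' "$1" |
  while IFS= read -r laddr; do
    port=${laddr##*:}; addr=${laddr%:*}
    name=$(service_name "$port" "$2")
    case " $3 " in
      *" $port "*) echo "$port $name expected" ;;
      *) case "$addr" in
           127.*) echo "$port $name local-only" ;;
           *)     echo "$port $name REVIEW" ;;
         esac ;;
    esac
  done
}
# Only the web server (port 80) is meant to be public on the box in the thread.
audit_ports "$NETSTAT_SAMPLE" "$SERVICES_SAMPLE" "80"
```

Ports flagged REVIEW are the ones to stop at the init script and remove from startup, as bmason describes; a loopback-only listener is not exposed to the cable modem side.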