Re: [fw-wiz] RE: Help. How to stop attacks on gateway/linux host.

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 12/13/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 13 Dec 2004 22:23:15 +0530
    
    

    On 13/12/04 11:28 +0530, Yesh Sriram wrote:
    <snip>
    > For the last 6 months our DSL bills are extremely high. We examined our
    > logs and there is someone using the bandwidth from
    > our host every night. We can turn off the machine but not sure if this is
    > the right solution.

    I recommend getting a good consultant. The Chennai Linux User Group is
    active, and if you want, I can recommend a few people to help you out.

    > We have done the following (for the last three months)
    > - Change passwords every 3 days
    > - Run only http, https, ssh
    > - Disable ftp
    >
    > But we still continue to see the nightly breaks into our host machine.

    Is this a compromised machine? Or is someone running a cron job from
    behind this gateway?

    > We have no Linux expertise except as developers.
    > We checked out firewall software price and it's expensive, and there is
    > no expert support available. Can someone
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Lots of expert support available. Not cheap, but good. You just need to
    look.

    > suggest a fix for this. Even a policy fix/advice would be helpful.

    You need to figure out the problem first. I suggest a system with a
    fresh installation, and fully patched and hardened. Then load up ntop on
    this system and track your top bandwidth abusers.
     
    Devdas Bhagat