Did i get hacked?
From: mario (mario_at_schmut.com)
Date: Fri, 2 May 2003 12:14:38 -0700 (PDT) To: <email@example.com>
i have a FreeBSD 4.8-PRERELEASE #0 that i use as a gateway / nat box for
It also acts as a dns / mail server to the outside world.
I'm using ipf and basically filter for bogus networks on the way in and out.
I allow everything out keeping state,
and allow this in:
pass in proto icmp from any to any icmp-type squench group 200
pass in proto icmp from any to any icmp-type timex group 200
pass in proto icmp from any to any icmp-type paramprob group 200
pass in quick proto tcp from any port > 1023 to any port = smtp group 200
pass in quick proto udp from any port > 1023 to any port = domain group 200
on these ports i run qmail and tinydns
i was a bit sloppy by leaving these w/out a password
figuring they can't login anyway.
I've changed this now though i'm still not sure about the implications of
Also i'm not running tripwire or any other intrusion detection.
Here's my problem. When i got up this morning, i noticed that the box
at 0:32 this morning. I have 3 other computers that did not reboot leaving me
to believe there was no power failure. I looked through all the logs seeking
clues as to what happened. Hardware failure? It is an old p-75 and the hard
drive has had issues in udma-2 but has been doing fine for months in pio4
I also have a cron job at 0:30 to move the apache logs to a tmp file restart
apache sleep 5 minutes and then move the tmp file somewhere where newsyslog
can catch it. According to the logs, apache restarted fine but the tmp files
never made it anywhere. Again nothing useful in them either.
So if this was a hardware failure (harddrive), then any kernel panic
statements probably would not make it to the harddrive. So it would be
hard to tell. My question is, what if i got hacked? Would there be anyway
to find out despite me being totally unprepared for this?
That question really messes with my head.
Any pointer and/or clue stick treatments would be greatly appreciated.
Do you schmut!?
For a real web site try:
House Of Sites
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"