Re: Help, my machine has been hacked

From: B. Joshua Rosen (bjrosen@polybus.com)
Date: 04/06/02


From: "B. Joshua Rosen" <bjrosen@polybus.com>
Date: Fri, 05 Apr 2002 21:04:00 -0500

In <20020405.201944.441145689.20157@oberon.cardinal.lan>, Yan Seiner
wrote:

> In article <pan.2002.04.05.19.24.58.194470.25385@polybus.com>, "B.
> Joshua Rosen" <bjrosen@polybus.com> wrote:
>
>
>> The DSL provider said that one of their BSD servers was hacked so they
>> switched it to Linux.
>
> I'd say your DSL provider does not know much about BSD/Linux. While I
> like Linux, BSD is reputed to be more secure.
>
>> Are any of the consumer firewall boxes any better than an IPCHAINs
>> based firewall?
>
> You should be using IPtables anyway. But the answer is that a firewall
> is only as good as the person administering it. I like to run defense
> in depth; I have a DSL router which does basic firewalling, NAT, and
> port forwarding, and then a linux firewall behind it that acts as the
> DMZ firewall. You may want to get a DSL router as a first line of
> defense.
>

Do you have any recommendations for an iptables-based firewall builder? I
used PMfirewall to build my firewall with. PMfirewall is easy to use and
it certainly seemed to be pretty comprehensive; however, it would seem
that it has failed me here. Any recommendations for a good firewall
builder would be appreciated.

Which DSL router are you using? Do you like it? How flexible is it?

>
>> Is it possible that someone is simply spoofing my IP address and that
>> the portscans are coming from somewhere else?
>
> Sure; I'd say it's more likely that one of the boxes behind your
> firewall got compromised. Check those for rootkits. Also run tcpdump on
> your public interface and see what's going in and out.
>
> --Yan

I've checked all of my machines for rootkits; they're all clean.


