Re: I've been hacked, found mldonkey running
From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 10/06/04
- Next message: Jørn Dahl-Stamnes: "Re: Web-attack"
- Previous message: Bill Unruh: "Re: I've been hacked, found mldonkey running"
- In reply to: General Schvantzkoph: "Re: I've been hacked, found mldonkey running"
- Next in thread: General Schvantzkoph: "Re: I've been hacked, found mldonkey running"
- Reply: General Schvantzkoph: "Re: I've been hacked, found mldonkey running"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 6 Oct 2004 02:52:02 GMT
General Schvantzkoph <schvantzkoph@yahoo.com> writes:
]On Tue, 05 Oct 2004 18:01:57 -0400, Marco Benton wrote:
]> General Schvantzkoph wrote:
]>> Does anyone know if Linksys routers are adequate firewalls? I had the FTP
]>> port open but I don't know for sure if that was the route that the
]>> intruders used. I'm trying to configure Mandrake 10.1 as second
]>> level firewall machine but it seems to want to block the local net as well
]>> as the internet port. Has anyone used 10.1 as a firewall?
]>>
]>>
]>
]> Well, if you pay $40 for a combo firewall/router/DSL device I guess you
]> can't expect too much? Good enough for home use, though.
]This is a home office network. Does anyone know how reliable these things
]are?
]> Keep in mind that you can have 2 Cisco PIX firewalls and 2 Linux
]> firewalls in front of your server and still be hacked if you don't
]> configure your FTP or whatever service correctly. For FTP use vsftpd...
]> not a lot of parameters to screw up... or read some doco on how to
]> set up these services tightly.
]I don't normally allow FTP, I opened a port so that a colleague could
]download something and I forgot to close it. I'll never open an FTP port
]again.
Why? Just remember to close it. And I doubt that that was the problem.
I am not sure that there was any problem.
a)
rpm -Va | grep '^..5' > /tmp/verify
and look at the files. Many are config files which should have changed, but
if find or ls or ps has changed since installation, you have been hacked.
b)
find / -perm /6000 -ls
to look at the suid/sgid files.
Look at /etc/passwd for strange new users.
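
Added example, not part of the original message: a shell sketch of the triage described in step (a), separating the expected config-file changes from changed system binaries in `rpm -Va` output. The function names and the sample lines are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: triage of `rpm -Va` output. All sample data is constructed.

# Read `rpm -Va` lines on stdin and print "CLASS<TAB>path" for every file
# whose digest differs (a 5 in the third flag column, same test as ^..5).
#   CONFIG - marked c by rpm; local edits are normally expected
#   BINARY - lives in a bin or sbin directory; should not change by itself
#   OTHER  - anything else with a changed digest
classify_rpm_verify() {
    awk '
        substr($1, 3, 1) != "5" { next }      # digest unchanged: skip line
        {
            path = $NF                        # path is the last field
            if (NF >= 3 && $2 == "c")
                cls = "CONFIG"
            else if (path ~ /^(\/usr)?(\/local)?\/s?bin\//)
                cls = "BINARY"
            else
                cls = "OTHER"
            printf "%s\t%s\n", cls, path
        }'
}

# Paths of changed system binaries only, one per line.
changed_binaries() {
    classify_rpm_verify | awk -F '\t' '$1 == "BINARY" { print $2 }'
}

# Constructed sample in `rpm -Va` layout: flags, optional file marker, path.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T c /etc/ssh/sshd_config
.......T c /etc/printcap
S.5....T   /bin/ls
S.5....T   /usr/bin/find
..5....T d /usr/share/doc/foo/README
missing    /var/run/example.pid
.M......   /var/spool/mail
EOF
}

# Stand-alone run on the sample; on a real host use: rpm -Va | classify_rpm_verify
sample_rpm_verify | classify_rpm_verify
```

A verification run on a live system trusts that system's own rpm database and tools, so results are stronger when the check is run from known-good media.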