On Thu, 26 Dec 2002, Neil Stone wrote:
A good place to start would be the logs in /var/log; these give all sorts of info on connections to your box etc. I had an issue a while ago where I hadn't updated sshd to use protocol version 2 only.. was broken into, lost a load of data.. BUT /var was intact :-) I reported the connecting IP to my ISP along with copies of the logs.. then re-installed!
Have 6000+ lines of apache segfaults in my error log... have a few wget and HEAD requests in my access log just before that started...
I personally tend to portscan my own box with nmap once in a while to see if anything is open that shouldn't be, also netstat can prove useful. Also consider installing a firewall device.. whether hardware or software can prove effective in combating attacks. iptables/ipchains is what I used to use before my ISP change to a nice friendly lot who provide me with a firewall :-D (www.anlx.net).
All my boxes are secured using a VERY thorough iptables script ;-) The binary appeared to be listening on a port for something... but that should have been blocked... I must double check that.
Well I hope that helps.. if you have any more questions.. ask away...
Was hoping someone had heard of an exploit like this, so I can see if anything extra bad has been done to my box, or point me at a couple of good resources where I could find more info.
Cheers,
~Mark.
--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.