
Re: [cobalt-users] IPs related to hackers



At 09:22 PM 2/10/01, Chris wrote:

> > PortSentry adds IPs to the /etc/hosts.deny file so if I'm a bit late
> > watching the logcheck messages, the IPs are already blocked. PortSentry
> > doesn't add IPs that are being used to run FTP anonymous login scripts or
> > IPs that are being used to attempt logins using the admin ID so I drop
> > those in by hand.

this "hosts.deny" file doesn't seem to block nameserver or ftp requests.
my server was recently compromised via proftpd by the looks of it.

i think ipchains is the better blocking option, i'm presently studying
up on this.

--
chris paul
fastmedia.net

Hi Chris,
I think you're correct, but for those of us on RaQ2s that can't use IPchains, this is a start. My next project is to figure out ipfwadm for this MIPS thingy..:)

see ya,
Diana
Crest Communications, Inc.		diana@xxxxxxxxxxxxx
Beautiful Sunny Florida		http://crestcommunications.com/
352-495-9359, 425-732-9785 fax
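
The hosts.deny question in this thread turns on which services actually pass through TCP wrappers: /etc/hosts.deny is only consulted by programs started via tcpd or linked against libwrap. The script below is an added example, not part of the original messages; it assumes services are launched from a classic inetd.conf, and the sample file and daemon paths in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which inetd services are started through tcpd and
# therefore honour /etc/hosts.allow and /etc/hosts.deny.
# inetd.conf fields: service socktype proto wait user server-path args...

# Constructed sample input (not taken from a real RaQ).
sample_inetd_conf() {
    cat <<'EOF'
# service socktype proto wait   user server-path           args
ftp       stream   tcp   nowait root /usr/sbin/in.proftpd  in.proftpd
telnet    stream   tcp   nowait root /usr/sbin/tcpd        in.telnetd
pop-3     stream   tcp   nowait root /usr/sbin/tcpd        ipop3d
echo      stream   tcp   nowait root internal
EOF
}

# Read inetd.conf on stdin; print: service proto state daemon
wrapped_report() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }       # skip comments, blanks, short lines
        {
            n = split($6, parts, "/")       # basename of the server program
            prog = parts[n]
            if (prog == "tcpd")          state = "wrapped"
            else if (prog == "internal") state = "internal"
            else                         state = "NOT-wrapped"
            # For wrapped entries the real daemon is the first argument.
            daemon = (state == "wrapped" && NF >= 7) ? $7 : $6
            printf "%-8s %-4s %-12s %s\n", $1, $3, state, daemon
        }'
}

# Names of services that a hosts.deny entry will not stop.
unwrapped_services() {
    wrapped_report | awk '$3 == "NOT-wrapped" { print $1 }'
}

# Usage: sh check_wrapped.sh /etc/inetd.conf   (no argument: use the sample)
if [ -n "${1:-}" ]; then
    wrapped_report < "$1"
else
    sample_inetd_conf | wrapped_report
fi
```

Daemons that run standalone, as a nameserver normally does, never appear in inetd.conf at all, so they need their own access controls or a packet filter regardless of what this report shows.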