
Re: Strange packets



On Wed, May 12, 1999 at 04:15:03PM +0000, Jochen Wiedmann wrote:
> 
> Hi,
> 
> one of our machines ("office") was suddenly causing a *real* lot of
> strange traffic, causing quite some costs. Tcpdump showed the

Hi,
I'm fairly new to Linux (just 2 years) and I have not been attacked
(with success) yet (I have a good packet filter firewall ;-)


> 13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@38480+)
> 13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@37000+)


It looks bad... (perhaps I am wrong)

You do not explain if "office" is Linux too, or a Windogs machine...

If it is Linux and there is no connect line in the log file '/var/log/daemon.log',
the attacker may have succeeded in the attack, gotten root and erased the "guilty"
entries in the logs...

You seem not to have a firewall; did you restrict access to your services
on "office" with /etc/hosts.allow and /etc/hosts.deny (tcp-wrappers)?

If you were really attacked, take a look at the doc "backdoors" on rootshell
to get an idea of what kind of things you could find in your system...


Best regards,
-- 
--------------------------------
Manel Marin   e-mail: manel3@apdo.com
Linux Powered (Debian 2.0)
--------------------------------
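
An added example, not part of the original message: a small parser for the `(frag id:size@offset+)` notation in the tcpdump lines quoted above, which groups fragments by IP id and reports how large the datagram being sent must be. The function name and report fields are this example's own choices.

```python
import re
from collections import defaultdict

# tcpdump prints fragments as "(frag ID:SIZE@OFFSET)" with a trailing "+"
# when the more-fragments flag is set.
FRAG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):"
    r".*\(frag (?P<id>\d+):(?P<size>\d+)@(?P<off>\d+)(?P<mf>\+?)\)"
)

MAX_IP_PAYLOAD = 65535 - 20  # largest payload a legal IPv4 datagram can carry


def summarize_fragments(lines):
    """Group fragment lines by (src, dst, IP id) and summarize each datagram."""
    groups = defaultdict(list)
    for line in lines:
        # Accept lines pasted from a quoted e-mail ("> " prefix) as well.
        m = FRAG_RE.search(line.lstrip("> ").strip())
        if m:
            key = (m["src"], m["dst"], int(m["id"]))
            groups[key].append((int(m["off"]), int(m["size"]), m["mf"] == "+"))
    report = {}
    for key, frags in groups.items():
        end = max(off + size for off, size, _ in frags)
        report[key] = {
            "fragments": len(frags),
            "seen_bytes": sum(size for _, size, _ in frags),
            "min_payload": end,  # datagram payload is at least this large
            "has_first": any(off == 0 for off, _, _ in frags),
            "has_last": any(not mf for _, _, mf in frags),
            "oversized": end > MAX_IP_PAYLOAD,  # cannot be a legal datagram
        }
    return report


# The two lines quoted in the message above.
SAMPLE = [
    "13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@38480+)",
    "13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@37000+)",
]

if __name__ == "__main__":
    for (src, dst, ip_id), info in summarize_fragments(SAMPLE).items():
        print(src, "->", dst, "id", ip_id, info)
```

For the two quoted lines this reports one datagram (IP id 35482) whose payload is at least 39960 bytes, with neither its first nor its last fragment present in the excerpt.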

