Re: Hacker Script Attempt
Gene,
On Fri, 5 Oct 2001, Gene Grimm wrote:
> What is the best way to protect specific daemons (inet and standalone
> like proftpd and apache) from intrusion attempts? I am not that
As for intrusion attempts, be sure to keep your servers running the latest,
bug-free versions. Subscribe to the appropriate bug/software update
announcements mailing lists.
With Apache, make sure you don't have vulnerable CGIs available.
Also make sure inetd doesn't listen to any services you don't need. And be
sure to stop other services you don't need.
Is your web server running unnecessary software?
http://apachetoday.com/news_story.php3?ltsn=2001-02-20-003-06-PS-LF-AD
> have hosts.deny with lines to block outside attacks to telnet, etc.
> but they don't seem to work. The lines read:
> doesn't seem to work for the specific daemons like telnet. My tests
> were using our own servers from one in ip.block.2. to one that does
> not have the last two blocks included in the telnet line.
Use tcpdchk(8) and tcpdmatch(8) to check and test your TCP Wrapper rules.
Some examples:
$ tcpdchk
warning: /etc/inetd.conf, line 65: incomplete line
warning: /etc/hosts.allow, line 1: host address 192.168.1.1->name lookup failed
warning: /etc/hosts.allow, line 1: host address 192.168.1.2->name lookup failed
warning: /etc/hosts.deny, line 2: 110: no such process name in /etc/inetd.conf
$ tcpdmatch ftpd 64.54.87.1
warning: /etc/inetd.conf, line 65: incomplete line
client: address 64.54.87.1
server: process ftpd
matched: /etc/hosts.deny line 1
access: denied
$ tcpdmatch ftpd 192.168.0.5
warning: /etc/inetd.conf, line 65: incomplete line
client: address 192.168.0.5
server: process ftpd
matched: /etc/hosts.allow line 1
access: granted
Jeremy C. Reed
.......................................................
ISP-FAQ.com -- find answers to your questions
http://www.isp-faq.com/
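Added example (not part of the original message and not tcpd's own code): a simplified Python model of the lookup order that tcpdmatch reports on above, where hosts.allow is searched first, then hosts.deny, and a client that matches neither is granted access. The rule files are constructed, only a subset of the hosts_access(5) pattern syntax is handled, and the process name in.telnetd for the telnet daemon is an assumption.

```python
import ipaddress

def _client_matches(pattern, addr):
    """Match one client pattern against a numeric address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # "192.168." matches by address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                        # net/mask, e.g. 192.168.0.0/255.255.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr

def _rule_matches(line, daemon, addr):
    # Only "daemon_list : client_list" is read; any option after a second colon is ignored.
    daemons, clients = [f.strip() for f in line.split(":")[:2]]
    split = lambda s: s.replace(",", " ").split()
    return (any(d in ("ALL", daemon) for d in split(daemons))
            and any(_client_matches(c, addr) for c in split(clients)))

def first_match(rules, daemon, addr):
    """Return the 1-based line number of the first matching rule, else None."""
    for n, line in enumerate(rules.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#") and ":" in line and _rule_matches(line, daemon, addr):
            return n
    return None

def access(allow, deny, daemon, addr):
    """hosts.allow is searched first, then hosts.deny; no match at all grants access."""
    n = first_match(allow, daemon, addr)
    if n:
        return ("granted", "hosts.allow", n)
    n = first_match(deny, daemon, addr)
    if n:
        return ("denied", "hosts.deny", n)
    return ("granted", None, None)

# Constructed sample rule files (not from the original message).
HOSTS_ALLOW = "ftpd: 192.168.\n"
HOSTS_DENY = "ftpd: ALL\ntelnet: ALL\n"

if __name__ == "__main__":
    # "telnet" names the service, not the daemon process, so it never matches in.telnetd.
    for daemon, addr in [("ftpd", "64.54.87.1"), ("ftpd", "192.168.0.5"),
                         ("in.telnetd", "64.54.87.1")]:
        print(daemon, addr, access(HOSTS_ALLOW, HOSTS_DENY, daemon, addr))
```

The third case shows one way a deny rule can silently fail to apply: the daemon field must name the server process, which is also what the tcpdchk "no such process name" warning above points at.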