[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Uh-oh. Cracked allready. I think...

Kjetil Kjernsmo <kjetil.kjernsmo@astro.uio.no> writes:

> >The fact they don't show up when you do a local scan confirms this.
> >These services aren't running on your machine.
> So, what you're saying is that all this alarm is for no good reason...?
> There has been no l337 h4X0rz trying to get into my box....? Well, that
> would be really be good news! Of course, it will not make me stop reading
> about how to secure the box.

There is still an outside chance you have either
a) a tcp listener on only the external interface that's only started in
   response to an ICMP ping of specific content/length
b) some very dodgy (probably LKM-based) trojan that's either deflecting
   nmap and/or netstat calls and/or 

however, the chances of this are slimmer than I am paranoid.

I'd say you should be grateful to have got away lightly - kill listeners
you're not using, firewall it with iptables[0] and sort out your nIDS - the
chances are you'll soon find out if you're haemoraghing evil scans or

[0] I have a simple enough starter script floating around at
<http://spodzone.org.uk/packages/secure/iptables.sh> if it helps at all -
no doubt others have their own approaches, but at least mine has no gui
requirements other than $EDITOR ;)



To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: