Re: Uh-oh. Cracked already. I think...
Kjetil Kjernsmo <kjetil.kjernsmo@astro.uio.no> writes:
> >The fact they don't show up when you do a local scan confirms this.
> >These services aren't running on your machine.
>
> So, what you're saying is that all this alarm is for no good reason...?
> There has been no l337 h4X0rz trying to get into my box....? Well, that
> would really be good news! Of course, it will not make me stop reading
> about how to secure the box.

There is still an outside chance you have either

a) a tcp listener on only the external interface that's only started in
   response to an ICMP ping of specific content/length

and/or

b) some very dodgy (probably LKM-based) trojan that's either deflecting
   nmap and/or netstat calls and/or

however, the chances of this are slimmer than I am paranoid.

I'd say you should be grateful to have got away lightly - kill listeners
you're not using, firewall it with iptables[0] and sort out your nIDS - the
chances are you'll soon find out if you're haemorrhaging evil scans or
anything.
[0] I have a simple enough starter script floating around at
<http://spodzone.org.uk/packages/secure/iptables.sh> if it helps at all -
no doubt others have their own approaches, but at least mine has no gui
requirements other than $EDITOR ;)
ATB,
~Tim
--
<http://spodzone.org.uk/>
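
The local-versus-external comparison discussed in this thread can be automated. The following is an added example, not part of the original message: it parses `netstat -tln` output taken on the host and `nmap -oG -` output taken from a second machine, then reports ports that answer from outside without a matching local listener. The sample data, function names and the `192.0.2.10` address are constructed for illustration.

```python
# Constructed sample: `netstat -tln` run on the box itself.
LOCAL_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
"""
# Constructed sample: `nmap -oG -` run against the box from another machine.
REMOTE_NMAP = ("Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
               "25/closed/tcp//smtp///, 12345/open/tcp//netbus///\n")
LOOPBACK = {"127.0.0.1", "::1"}


def local_listeners(netstat_text):
    """Map each listening TCP port to the set of addresses it is bound to."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[-1] != "LISTEN":
            continue  # header lines and non-listening sockets
        addr, _, port = f[3].rpartition(":")  # rpartition copes with ":::22"
        if port.isdigit():
            ports.setdefault(int(port), set()).add(addr)
    return ports


def remote_open(nmap_text):
    """Return the TCP ports that nmap's grepable output marks as open."""
    found = set()
    for line in nmap_text.splitlines():
        _, sep, plist = line.partition("Ports: ")
        if not sep:
            continue
        for entry in plist.split("\t")[0].split(","):
            f = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(f) >= 3 and f[0].isdigit() and f[1:3] == ["open", "tcp"]:
                found.add(int(f[0]))
    return found


def cross_check(netstat_text, nmap_text):
    local, remote = local_listeners(netstat_text), remote_open(nmap_text)
    exposed = {p for p, addrs in local.items() if addrs - LOOPBACK}
    return {"unexplained": sorted(remote - set(local)),  # open outside, absent locally
            "expected": sorted(remote & exposed),
            "not_seen_remotely": sorted(exposed - remote)}  # filtered on the way in
```

A port in `unexplained` is either being answered by something between the scanner and the host, as suggested earlier in the thread, or the local tools are not reporting it, which is the case described in (b) above.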