
Re: hacked?



hi ya...

btw...just curious...what do these commands return ???
- a bunch of dumb silly tests...

root# egrep -i "failed|failure|refused|not allowed|illegal port|blocked|denied" /var/log/{messages,syslog,xferlog}*

root# last
root# last -f /var/log/wtmp
root# last -f /var/run/utmp
root# cat /.bash_history

root# find / -name ... -ls

run tripwire, ssh, logcheck, portscan, tiger, crack on "trustable servers"
that others depend on it...

remember that a "typical" hacker will erase any "logs/info" about their
visit to your machine -- so you will not see anything...then you have
to go dig further...

security is a full time job...but...
common sense goes a lot further...if one does not have time ???

> ...and what are you doing allowing telnet in the first place?  While it
> can be slightly useful in a local network, it's a severely insecure
> protocol,

telnet is just as insecure as pop3 for emails...and insecure as ppp
dialups ( passwds in cleartext )...

build an insecure box..for all that "insecure stuff" if you want...
but it should never log into another box....since you are probably not
running ssh to connect to it in the first place...

have fun
alvin

> and you should probably have it open to local traffic only in
> /etc/hosts.allow.  If you are supporting remote clients, there are ssh
> implementations for a wide range of hosts, including java
> implementations which will run in a browser.
> 
> On Wed, Apr 26, 2000 at 05:57:54AM +0000, john smith wrote:
> > Hello,
> > 
> >   someone has telnetted to my machine and I want to know what he/she did
> > inside there. Is there a way of knowing what "exactly" he/she did while
> > telnetted to my machine? i.e. what directories navigated, files downloaded,
> > etc? I tried to look for some logs in /var/log but I don't see any.
> 
> -- 
> Karsten M. Self <kmself@ix.netcom.com>           http:/www.netcom.com/~kmself
>     What part of "Gestalt" don't you understand?
>     http://gestalt-system.sourceforge.net/
> GPG fingerprint: F932 8B25 5FDD 2528 D595  DC61 3847 889F 55F2 B9B0
> 
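
Added example, not part of the original message: the egrep pattern from the reply above, run over a few constructed syslog-style lines and tallied per source address so repeated failures from one host stand out. The sample lines, addresses and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Keyword pattern taken from the egrep command in the message above.
PATTERN='failed|failure|refused|not allowed|illegal port|blocked|denied'

# Constructed sample lines (not from a real host); addresses are
# documentation ranges.
sample_log() {
cat <<'EOF'
Apr 26 05:41:02 box1 login[412]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
Apr 26 05:41:09 box1 login[412]: FAILED LOGIN 2 FROM 192.0.2.10 FOR root, Authentication failure
Apr 26 05:42:30 box1 in.telnetd[415]: refused connect from 198.51.100.7
Apr 26 05:43:00 box1 cron[420]: (root) CMD (run-parts /etc/cron.hourly)
Apr 26 05:44:11 box1 in.ftpd[431]: connect from 192.0.2.10 denied
EOF
}

# Keep only lines matching the pattern, case-insensitively (reads stdin).
suspicious_lines() {
    grep -E -i "$PATTERN"
}

# Tally matching lines per IPv4-looking address, most frequent first.
# Output format: "<address> <count>", one per line.
hits_by_source() {
    suspicious_lines |
        grep -E -o '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' |
        sort | uniq -c | sort -rn |
        awk '{print $2, $1}'
}

# Stand-alone run over the constructed sample.
sample_log | hits_by_source
```

To use it on real logs, pipe them in place of the sample, for example `cat /var/log/messages* | hits_by_source`.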

