
Re: hacked, then intrusion detection system



On Sat, 3 Feb 2001, ktb wrote:

> On Sat, Feb 03, 2001 at 07:02:08PM -0300, mgriffa@fibertel.com.ar wrote:
> > Hi.
> > 	I just realized that someone entered my debian box with
> > cablemodem. I couldn't find anything in the logs, but the pump package was
> > deleted.
> > 	I replaced inetd with xinetd, removed the services I didn't use (it
> > was left all default, as I installed in a rush), and now I'd like a good
> > intrusion detection system.
> > 	I'd like to hear any advice, not about security in general (too wide),
> > but about tools to run in cron which may be useful in this kind of
> > situation.
>
> Most of what I have read recommends a complete reinstall on a system that has
> been breached.  There may be back-doors you don't find.  Take a look at -
> http://www.cert.org/nav/recovering.html
>
> Also set up a firewall to help prevent this in the future.  There is a
> book at -
> http://www.openna.com/resources/articles/v1.3-xml/index.htm
> that might be helpful to you.  It is redhat based but many good tips.
> You might want to start with the Security-HOWTO at -
> www.linuxdoc.org
>
> There are many programs like "tripwire", "snort" "portsentry" you might
> want to take a look at.

I will, thanks.

>
> You might want to think about getting an older box, 486, P100, along
> those lines and set up a dedicated firewall for your other box(s).

It was already a dedicated firewall. The box runs telnetd (only for
192.168.1.x), squid and ipchains.

Can I do a complete reinstall with apt, or do I have to boot from CD
again?
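The thread asks for a tool to run from cron that would have caught the deleted pump package. The following is an added example, not code from the thread or from tripwire: a minimal file-integrity checker in the spirit of tripwire, which records a SHA-256 and permission mode for every regular file under a directory and, on a later run, reports files that were added, removed or modified. The directory layout, the file names (pump, inetd, squid, rootkit) and the baseline path are constructed for illustration.

```python
"""Minimal cron-friendly file-integrity check in the spirit of tripwire.

Added example, not code from the original thread. The directory, the
manifest location and the sample files below are constructed for
illustration.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its hash and mode.

    Symlinks are skipped so an attacker cannot point one at a file whose
    hash we would then trust.
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            manifest[str(p.relative_to(root))] = {
                "sha256": hash_file(p),
                "mode": oct(st.st_mode & 0o7777),
            }
    return manifest


def save_manifest(manifest: dict, path: Path) -> None:
    path.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified relative paths (sorted lists)."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate an intruder who
    deletes one program, appends to another and drops a new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sbin"          # stand-in for a real /sbin (assumption)
        root.mkdir()
        (root / "pump").write_bytes(b"#!/bin/sh\necho pump\n")
        (root / "inetd").write_bytes(b"#!/bin/sh\necho inetd\n")
        (root / "squid").write_bytes(b"#!/bin/sh\necho squid\n")

        # "init" run: record the baseline while the system is known-clean.
        baseline_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root), baseline_path)

        # Simulated tampering between two cron runs (constructed data).
        (root / "pump").unlink()
        with (root / "inetd").open("ab") as f:
            f.write(b"/tmp/.hidden &\n")
        (root / "rootkit").write_bytes(b"#!/bin/sh\n")

        # "check" run: compare the stored baseline against the current state.
        return compare(load_manifest(baseline_path), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two caveats matter in practice. The baseline is only worth anything if it is taken on a known-clean system, which is why the reinstall advice earlier in the thread comes first; a baseline taken after the break-in would simply bless the intruder's changes. And a root-level intruder can rewrite the baseline file along with the binaries, so the manifest (and the checker itself) should live on read-only or offline media, or at least be compared against a copy kept off the box.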


