Koozali.org: home of the SME Server

how do I catch a phreaker?

Eli Shepes

how do I catch a phreaker?
« on: November 04, 2003, 12:27:34 PM »
How would I find out if someone tried to or did hack my server. If so then how would I find out as much as I can about them?

Michael Smith

Re: how do I catch a phreaker?
« Reply #1 on: November 04, 2003, 04:45:37 PM »
The first thing to do is get your terminology straight ... a "phreaker" is one who uses his skillz to manipulate the phone system.  The second thing is to head over to

http://www.chkrootkit.org

Read and learn.  At your level of skill you are not likely to find out much of anything about the black-hat hacker, assuming he or she's any good.  The best you can do is try to understand how your box was vulnerable and prevent it in the future.

Of course, Mitel has gone to great lengths to close the commonly-available security holes in the default install, so you may not even have been hacked.

Eli Shepes

Re: how do I catch a phreaker?
« Reply #2 on: November 04, 2003, 05:08:17 PM »
Right, so hacker then.

Thanks for your help.

Guck Puppy

Re: how do I catch a phreaker?
« Reply #3 on: November 04, 2003, 10:14:25 PM »
Eli Shepes wrote:
>
> Right, so hacker then.

Hey, since we're talking terminology, let's just go ahead and say "cracker" :)

http://www.catb.org/~esr/jargon/html/C/cracker.html

G

dave

Re: how do I catch a phreaker?
« Reply #4 on: November 04, 2003, 11:44:51 PM »
What is it that makes you believe you've been hacked?  If you have some kind of actual proof that you've been hacked (like log entries), you should probably send it to security@e-smith.com.

Eli Shepes

Re: how do I catch a cracker?
« Reply #5 on: November 05, 2003, 03:29:00 PM »
I was chatting to someone who said their friend tried to break into my computer. He asked me if I had a firewall, I said yes, and he said his friend couldn't get through.
So I wanted to know how to tell if someone tried to (and also did) break into my system. I know all about Windows, I am the king of my computer. But Linux, it's a new feat for me. I don't mind reading hundreds of websites to understand how to do it.

The other thing is, I remember reading about how hacking is learning about things and the other word I remember was phreaking when I actually meant cracker.
And I certainly didn't want to debase a real proper hacker with the image of a 14-year-old kid trying to illegally stuff someone's computer up.
After all, I guess, and tell me if I am wrong, but me pulling apart and fiddling around with my first (then top of the line but now crappy) 286 computer is a form of hacking.

Greg Zartman

Re: how do I catch a cracker?
« Reply #6 on: November 05, 2003, 08:07:24 PM »
Eli

I don't think you understand WHAT a Linux firewall is.  What it is not is a set of countermeasures to fight off would-be intruders or some impenetrable barrier.  What it is is a set of rules that define how your server will talk to the internet via your WAN adapter.

I'll use an example to show how the SME firewall works (Note:  This isn't a perfect example, but an oversimplification... I’m sure many will pick it apart):

Let’s say we have two rooms separated by a soundproof wall:  Room A and Room B.  Room A is your room and you have the one and only key to this room (i.e., you control all access to Room A).  Room B has an open door policy and anyone can come and go as they please.  With the soundproof wall separating the two rooms, people in either room have no idea what the others are doing.  This means that you can go into Room A without worrying about the people in Room B knowing what you are doing and what not.

Now, let’s say we install a phone connecting both rooms so that you can talk to people in Room B and vice versa.   Because you don't want just anybody to have access to "the phone" you hire a security guard to operate the phone on your end.  Since he works for you, you get to tell him who uses the phone on your end and what types of incoming calls, from Room B, are allowed.  You tell the guard that it is OK if people in your Room A (your room) use the phone as long as he listens in on another extension.  Further, you tell the security guard that only he can answer incoming calls and that he must verify the type of call and the caller before letting people in Room A (your room) take the call.  Since he has caller ID, he won't even answer the phone if the call is from a caller that isn't allowed.

The guard's job isn't to fight off people in Room B who might try to tunnel under the soundproof wall, but to simply answer the phone and moderate the types of calls that are made.

Bringing this example back to reality; the security guard represents the Linux kernel (i.e., the firewall).  When we set up SME in gateway mode, the Linux kernel moderates incoming and outgoing network traffic across the gateway based on a set of rules.  These rules are pretty good, but not perfect.    What you should not do is dare people to try to “break” into your internal network.  That is just asking for trouble.

Good luck.

Greg Zartman
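
Added example, not part of the post above and not SME Server's actual rule set: a toy Python model of the guard analogy, showing how a stateful gateway decides per packet and how the refused calls become the record of who tried. The class names, ports and addresses are assumptions made for illustration; the addresses are constructed documentation values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = Room A calling out, "in" = call arriving from Room B
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Gateway:
    allowed_services: set  # inbound ports the guard answers (assumed values)
    blocked_callers: set = field(default_factory=set)  # the "caller ID" deny list
    established: set = field(default_factory=set)      # calls placed from Room A
    drop_log: list = field(default_factory=list)       # refused calls, for review

    def handle(self, p):
        if p.direction == "out":
            # Outbound is allowed, but the guard notes it so the reply can return.
            self.established.add((p.dst, p.dport, p.src, p.sport))
            return "ACCEPT"
        if p.src in self.blocked_callers:
            return self._drop(p, "blocked caller")
        if (p.src, p.sport, p.dst, p.dport) in self.established:
            return "ACCEPT"  # reply to a call Room A placed
        if p.dport in self.allowed_services:
            return "ACCEPT"  # a published service, e.g. a hosted website
        return self._drop(p, "unsolicited")

    def _drop(self, p, reason):
        self.drop_log.append((p.src, p.dport, reason))
        return "DROP"

def refused_by_source(gw):
    # Group refused destination ports by source: the "who tried what" view.
    summary = {}
    for src, dport, _reason in gw.drop_log:
        summary.setdefault(src, set()).add(dport)
    return {src: sorted(ports) for src, ports in summary.items()}

def demo():
    gw = Gateway(allowed_services={25, 80})
    traffic = [  # constructed sample traffic
        Packet("out", "192.168.1.10", 40000, "198.51.100.7", 443),
        Packet("in", "198.51.100.7", 443, "192.168.1.10", 40000),  # reply
        Packet("in", "203.0.113.5", 51000, "192.0.2.1", 80),       # web visitor
        Packet("in", "203.0.113.9", 51001, "192.0.2.1", 23),       # refused
        Packet("in", "203.0.113.9", 51002, "192.0.2.1", 139),      # refused
    ]
    return [gw.handle(p) for p in traffic], refused_by_source(gw)
```

Only refused traffic reaches `drop_log`; connections to a published port such as a hosted website are accepted, so evidence of attempts against that service has to come from the service's own logs.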

Eli Shepes

Re: how do I catch a cracker?
« Reply #7 on: November 05, 2003, 09:03:24 PM »
No, I didn't dare anyone to "break" in, he just did (or at least tried to). Which started me thinking about security. I am also hosting a website which probably makes me more vulnerable. Thanks for the explanation :-)