Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: cryblood on January 28, 2000, 05:23:13 AM

Title: Script Kiddie
Post by: cryblood on January 28, 2000, 05:23:13 AM
Hi all... How's your mom-n-them?

Hey, I have a script kiddie port scanning the High # ports on my e-smith server. He looks like he's trying like heck to find what I guess to be an open port due to a trojan or something. What I would like to know is: does anyone have any hints on how to increase the amount of logging that the e-smith server does? Also, does anyone have any hints about how to know for sure if he got in/exactly what he did? A friend of mine who is much smarter than me says it looks like he definitely connected to the server but I'm not so sure. Anyway... It looks like this guy (the hacker) is at least intelligent enough to know how to spoof an IP because I'm getting the EXACT types of attacks from different IPs. (Wouldn't you know it, they are all coming from cable modems. Looks like at least 1 @home and a Road Runner.) Does anyone have experience with calling a cable modem co. and having them "fix" this sorta thing either by cutting off the offending miscreant's hands or at least contacting them and letting them know they have been compromised or something?

thanx.
Title: RE: Script Kiddie
Post by: cryblood on January 28, 2000, 06:24:24 AM
Ummm...

Nevermind...

Miscreant caught... er... it ended up being someone who works here who was playing to "test" the security.  The reason it seemed like he was moving was he also did it from his bro's house too.  (I'm not sure why)  But the upside is microsoft boy (boss) was worried enough about it that he's gonna let me do a little tweaking to the network in order to make it more secure!  YYYAAAYYY!!!  too bad I have to come in on a saturday to do it. booooo!  Oh well... tis the price you pay for being such a smart person. (smart as in smart-ass probably).

Anyway... I would still like hints on more logging / better methods to read the logs if anyone has any.

thanx!
Title: RE: Script Kiddie
Post by: Charlie Brady on January 28, 2000, 06:39:55 AM
cryblood wrote:

> Hey,  I have a script kiddie port scanning the High # ports on
> my e-smith server.  He looks like he's trying like heck to
> find what I guess to be an open port due to a trojan or
> something.

Everybody connected to the Internet gets scanned. I wouldn't necessarily worry too much about it. There are no known vulnerabilities in the e-smith server, and since there are only a few services, and only some of them accept connections from the outside network, there aren't likely to be many unknown vulnerabilities either.

> What I would like to know is; does anyone have any hints on
> how to increase the amount of logging that the e-smith
> server does?

A Linux guru, guided by the customisation documentation on http://www.e-smith.org, would be able to help you with that.

> Also, does anyone have any hints about how to know for sure if
> he got in/exactly what he did?  A friend of mine who is much
> smarter than me says it looks like he definitely connected to
> the server but I'm not so sure.

Anyone can connect up to the public ftp and http servers. But just connecting doesn't achieve anything malicious.

Read up on RPM's verification feature. RPM can verify the integrity of most installed programmes. I haven't heard of any crack scripts which also patch the RPM verification database - although it's certainly possible in theory.

Charlie
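
The RPM verification mentioned in the post above is run as `rpm -Va`, which prints one line per file that differs from the package database. The following is an added example, not part of the original thread: a small parser for that output with a constructed sample, where the triage levels are an illustrative assumption rather than an e-smith or RPM policy.

```python
import re

# Flag letters printed by `rpm -V`; "." means that test passed.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
LINE = re.compile(r"^(?P<flags>missing|[.?SM5DLUGTP]{8,9})\s+"
                  r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# Constructed sample of `rpm -Va` output, for illustration only.
SAMPLE = """\
S.5....T.  c /etc/httpd/conf/httpd.conf
..5....T.    /bin/login
.M...UG..    /usr/sbin/in.ftpd
.......T.    /usr/share/doc-example/README
missing      /usr/bin/example-tool
"""

def parse(text):
    """Turn `rpm -Va` output into dicts; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        changed = [] if flags == "missing" else [FLAGS[c] for c in flags if c in FLAGS]
        findings.append({"path": m["path"], "missing": flags == "missing",
                         "config": m["kind"] == "c", "changed": changed})
    return findings

def triage(f):
    """Illustrative policy (an assumption, tune it): changed program content first."""
    if f["config"]:
        return "low"       # config files are expected to be edited after install
    if "digest" in f["changed"]:
        return "high"      # contents of a packaged non-config file differ
    if f["missing"] or {"mode", "owner", "group"} & set(f["changed"]):
        return "medium"
    return "low"           # e.g. only the mtime differs

def report(text):
    """Return (level, path) pairs, most urgent first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(triage(f), f["path"]) for f in parse(text)]
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))

if __name__ == "__main__":
    # Replace SAMPLE with the captured output of `rpm -Va` on the server.
    for level, path in report(SAMPLE):
        print(f"{level:6} {path}")
```

The check reads the RPM database on the same machine, so its result is only as trustworthy as that database, which is the caveat the post above raises.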
Title: RE: Script Kiddie
Post by: cryblood on January 28, 2000, 08:29:45 AM
Hey thanx Charlie!

I shoulda thought of the RPM verification!  (cryblood feels like a dumkof... but then again, that's a familiar feeling)

~:>)~

maybe I could write a script so that microsoft boy (boss) can run it and see that everything is ok anytime he wants.  Naaa.... he wouldn't really like it unless I could figure out how to give it a GUI and mouse support!  hehe...

night!
Title: RE: Script Kiddie
Post by: Rob Adams on January 31, 2000, 09:51:44 AM
cryblood wrote:

> maybe I could write a script so that microsoft boy (boss) can
> run it and see that everything is ok anytime he wants.
> Naaa.... he wouldn't really like it unless I could figure out
> how to give it a GUI and mouse support!  hehe...

You *do* know that tcl/tk has been ported to the Win32 environment, don't you?
Title: RE: Script Kiddie
Post by: cryblood on February 01, 2000, 12:22:26 AM
Yes, I actually have it (tcl/tk) installed on a winNT and a win95 box; however, that doesn't mystically impart onto my tiny, sub-human brain the knowledge that is required to make it go!  ;')  Besides that, I wouldn't know how to make tcl/tk on microsoft boy's (boss) win95 workstation run the verification on the e-smith server.  :'(  Guess it'll just have to wait until I have enough $$$ saved up for that brain transplant I so desperately need.  Everyone save your soda can tabs!!! :')

I actually thought about writing it in perl and adding it to the e-smith manager but then I remembered that I don't know how to write anything in perl either.  Gosh, sure is a bummer being me isn't it.