[SLE] hmm... security mayhem...
what about messages like:

linux in.telnetd[4813] connect from 12.77.192.88
followed by peer died, invalid character
or
in.ftpd[8915] connect from 209.173.192.62

are these people connecting to my box?
_____________________________________________________
Daniel Woodard
daniel.woodard@extricate.com
design@mindspring.com
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
The answer is simple: read your syslog again!

Rogier

Daniel Woodard wrote:
what about messages like: linux in.telnetd[4813] connect from 12.77.192.88 followed by peer died, invalid character or in.ftpd[8915] connect from 209.173.192.62 are these people connecting to my box?
On Sun, 26 Dec 1999, you wrote:
what about messages like:
linux in.telnetd[4813] connect from 12.77.192.88
followed by peer died, invalid character
or
in.ftpd[8915] connect from 209.173.192.62
are these people connecting to my box? _____________________________________________________
Daniel Woodard
I would say yes someone is trying to connect to your computer. I would also hope that after that it says something about "connection refused . . .etc." If it doesn't, chances are that they did connect to your computer. If they connected then you have to worry about whether or not they can get in. I would say you should look into setting up a firewall or at least turning off some services you don't need if this is happening a lot. You can also configure IPs that you want to allow to connect to certain services and block others.

Personally I don't worry about it much when I get scanned because there is nothing on my computer to get to, but as I put a lot of work into setting this up I watch the logs and still take the time to report people who try. Keep an eye on your log files and watch for repeated attempts. Every now and then I get what I would call a random message but if I see several then I start taking notes and doing whois searches etc. You might also consider running root-tail so you can see it when it happens too. Good luck.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darren R. Weber drw@linuxfan.com ICQ# 2849193
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darren R. Weber wrote:
On Sun, 26 Dec 1999, you wrote:
what about messages like:
linux in.telnetd[4813] connect from 12.77.192.88
followed by peer died, invalid character
or
in.ftpd[8915] connect from 209.173.192.62
are these people connecting to my box? _____________________________________________________
Daniel Woodard
I would say yes someone is trying to connect to your computer. I would also hope that after that it says something about "connection refused . . .etc." If it doesn't, chances are that they did connect to your computer. If they connected then you have to worry about whether or not they can get in. I would say you should look into setting up a firewall or at least turning off some services you don't need if this is happening a lot. You can also configure IPs that you want to allow to connect to certain services and block others.
Ipchains is part of the solution. Set up TCP wrappers to not allow connections to your computer. See also http://www.georgetoft.com/security and http://www.georgetoft.com/network I have a script that scans the logs for refused connections and e-mails the results to me each day. This refused report is sorted by offending IP address, which allows me to easily see scans that take place during log rotation.
Personally I don't worry about it much when I get scanned because there is nothing on my computer to get to, but as I put a lot of work into setting this up I watch the logs and still take the time to report people who try. Keep an eye on your log files and watch for repeated attempts. Every now and then I get what I would call a random message but if I see several then I start taking notes and doing whois searches etc. You might also consider running root-tail so you can see it when it happens too.
I do. You should, too. Even if you have nothing important, an attacker can gain access to your computer, then use it as a jumping off point for attacks against someone else. Guess where the trail leads? Your house. I complained to a company that attacked my firewall. It wasn't the company, but some crackers that had compromised an old, insecure Red Hat install. The admin never secured the machine, so it was wide open. Their ISP received several hundred complaints about the attacks.

Considering the rapid transition of the U.S. into an Information Police State, where the Feds can seize your property if you are suspected of drug- or computer-related crimes and you don't get it back, even if you are never charged with a crime, I would take every precaution to make sure I am the only one using my computer. The concept of "due process" does not exist anymore when it comes to drugs and computers. I'll research the exact laws and post a URL later - if there is interest. I've read them, they exist.

--
George Toft
http://www.georgetoft.com
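[Added example, not part of the original thread and not George Toft's script: one way to build the daily "refused connections sorted by offending IP" report described in the message above. The log lines are constructed samples in the tcpd "connect from" / "refused connect from" form, and the scan threshold is an assumption.]

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (documentation address ranges) in the
# "daemon[pid]: [refused ]connect from host" form that tcpd writes to syslog.
SAMPLE_LOG = """\
Dec 26 03:12:01 linux in.telnetd[4813]: refused connect from 203.0.113.9
Dec 26 03:12:02 linux in.ftpd[4814]: refused connect from 203.0.113.9
Dec 26 03:12:04 linux in.rshd[4815]: refused connect from 203.0.113.9
Dec 26 09:40:17 linux in.ftpd[8915]: connect from 198.51.100.62
Dec 26 11:05:33 linux in.telnetd[9020]: refused connect from user@192.0.2.88
Dec 26 11:06:10 linux kernel: eth0: link up
"""

LINE_RE = re.compile(r"(?P<daemon>[\w.-]+)\[\d+\]:?\s+"
                     r"(?P<refused>refused\s+)?connect from\s+(?P<host>\S+)")

def parse(log_text):
    """Yield (host, daemon, refused) for every wrapper connect message."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            host = m["host"].rsplit("@", 1)[-1]   # drop ident "user@" prefix
            yield host, m["daemon"], bool(m["refused"])

def sort_key(host):
    """Numeric addresses in address order, unresolved names after them."""
    try:
        return (0, int(ipaddress.ip_address(host)), "")
    except ValueError:
        return (1, 0, host)

def refused_report(log_text, scan_services=3):
    """Rows of (host, total, {daemon: count}, looks_like_scan), sorted by host.
    scan_services is an assumed threshold: that many distinct services refused
    for one host is flagged as a probable scan."""
    seen = defaultdict(lambda: defaultdict(int))
    for host, daemon, refused in parse(log_text):
        if refused:
            seen[host][daemon] += 1
    return [(h, sum(seen[h].values()), dict(sorted(seen[h].items())),
             len(seen[h]) >= scan_services) for h in sorted(seen, key=sort_key)]

def accepted(log_text):
    """Connections the wrapper let through; these deserve a closer look."""
    return [(h, d) for h, d, refused in parse(log_text) if not refused]

if __name__ == "__main__":
    for host, total, services, scan in refused_report(SAMPLE_LOG):
        print(f"{host:<16}{total:>3}  {services}{'  <-- scan?' if scan else ''}")
    print("accepted:", accepted(SAMPLE_LOG))
```

Grouping by address keeps a slow scan visible even when its attempts are spread across rotated log files: concatenate the rotated files before passing the text in.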
George Toft wrote:
<snip>
I do. You should, too. Even if you have nothing important, an attacker can gain access to your computer, then use it as a jumping off point for attacks against someone else. Guess where the trail leads? Your house. I complained to a company that attacked my firewall. It wasn't the company, but some crackers that had compromised an old, insecure Red Hat install. The admin never secured the machine, so it was wide open. Their ISP received several hundred complaints about the attacks.
Considering the rapid transition of the U.S. into an Information Police State, where the Feds can seize your property if you are suspected of drug- or computer-related crimes and you don't get it back, even if you are never charged with a crime, I would take every precaution to make sure I am the only one using my computer. The concept of "due process" does not exist anymore when it comes to drugs and computers. I'll research the exact laws and post a URL later - if there is interest. I've read them, they exist.
-- George Toft http://www.georgetoft.com
They are called 'RICO' laws and were written to prevent racketeers from using their ill-gotten gains to buy high powered lawyers to defend themselves against prosecutors. Money considered to be revenues from illegal activities was declared 'guilty property' and 'punished' through forfeiture without recourse. The technique worked so well against organized crime (it's hard to defend yourself in a court of law if all of your resources were confiscated) that local law enforcement officers started using jailed druggers as 'snitches' who would implicate people police had targeted in return for reduced sentences. The pigeons were targeted because they had expensive property which would bring large incomes at auction or because the vehicles or planes could be converted to law enforcement use. Over 10,000 law-abiding Americans were targets of police 'RICO' raids during the past couple of years. Very few ever got their property back, even when they proved their innocence at great expense. So not only has the Bill of Rights protection against due process become an empty right, so has the 'innocent until proven guilty' aspect. It is interesting to note that the 'guilty property' law King George used to confiscate goods and property was one of the principal reasons put forth in the Declaration of Independence in support of the revolution.

JLK
On Sun, 26 Dec 1999, you wrote:
Personally I don't worry about it much when I get scanned because there is nothing on my computer to get to, but as I put a lot of work into setting this up I watch the logs and still take the time to report people who try. Keep an eye on your log files and watch for repeated attempts. Every now and then I get what I would call a random message but if I see several then I start taking notes and doing whois searches etc. You might also consider running root-tail so you can see it when it happens too.
I do. You should, too. Even if you have nothing important, an attacker can gain access to your computer, then use it as a jumping off point for attacks against someone else. Guess where the trail leads? Your house. I complained to a company that attacked my firewall. It wasn't the company, but some crackers that had compromised an old, insecure Red Hat install. The admin never secured the machine, so it was wide open. Their ISP received several hundred complaints about the attacks.
Considering the rapid transition of the U.S. into an Information Police State, where the Feds can seize your property if you are suspected of drug- or computer-related crimes and you don't get it back, even if you are never charged with a crime, I would take every precaution to make sure I am the only one using my computer. The concept of "due process" does not exist anymore when it comes to drugs and computers. I'll research the exact laws and post a URL later - if there is interest. I've read them, they exist.
-- George Toft http://www.georgetoft.com
Ok this is getting a little long here, but just to clear the air I didn't say to ignore security or that I didn't understand the implications of an insecure system. I simply made an offhand comment that I have nothing worth having on my system.

I've been using ipchains for months and reading about this whenever I have a spare moment, not to mention the systems I run for a living so I am not new at this. I am just somewhat new to the Linux way of doing it. I've been using SuSE since 5.3 about a year ago, but I've only been using the networking features heavily for the last 4 months since I got my ADSL setup.

As for setting up another system just as my firewall: The issue isn't about cost or work it's space and electricity more than anything. When you have an office roughly 10 x 12 ft. with 2 computers both with large monitors a scanner 2 printers a fax machine, a hub, 2 ups systems an ADSL modem, video camera, paper shredder, phones, speakers and the rest of the works all plugged in on one circuit the last thing you want to do is plug in another box just to route packets. I have a perfectly good pentium133 and 2 3com net cards sitting in the other room unused. I simply have nowhere to put the stuff.

My hope actually is to get one of the old laptops from work when we upgrade. I have one now running SuSE and it works great and takes up very little space. I thought with the addition of one more net card it would make a perfect space-saving router. As a bonus I wouldn't have to telnet or ssh to it because it will have a built in console. :-)

Thanks to George though for the comments. I visited your site some months ago and found it very helpful. Haven't gone back recently though been too busy with other projects.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darren R. Weber drw@linuxfan.com ICQ# 2849193
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I did not mean to offend. Sorry.

Darren R. Weber wrote:
[big snip]
Ok this is getting a little long here, but just to clear the air I didn't say to ignore security or that I didn't understand the implications of an insecure system. I simply made an offhand comment that I have nothing worth having on my system.
I guess I'm very paranoid. Or a control freak (wanting to control who has access to my machines).
I've been using ipchains for months and reading about this whenever I have a spare moment, not to mention the systems I run for a living so I am not new at this. I am just somewhat new to the Linux way of doing it. I've been using SuSE since 5.3 about a year ago, but I've only been using the networking features heavily for the last 4 months since I got my ADSL setup.
As for setting up another system just as my firewall: The issue isn't about cost or work it's space and electricity more than anything. When you have an office roughly 10 x 12 ft. with 2 computers both with large monitors a scanner 2 printers a fax machine, a hub, 2 ups systems an ADSL modem, video camera, paper shredder, phones, speakers and the rest of the works all plugged in on one circuit the last thing you want to do is plug in another box just to route packets. I have a perfectly good pentium133 and 2 3com net cards sitting in the other room unused. I simply have nowhere to put the stuff.
Probably my submarine past coming out - I've got five systems and a 16 port hub tucked on top of my desk. I love desktop cases.
My hope actually is to get one of the old laptops from work when we upgrade. I have one now running SuSE and it works great and takes up very little space. I thought with the addition of one more net card it would make a perfect space-saving router. As a bonus I wouldn't have to telnet or ssh to it because it will have a built in console. :-)
I thought of that, too! Unfortunately, my laptop's hard drive has a tendency to die after it's been on for three days or more. Fujitsu may become tired of me soon.
Thanks to George though for the comments. I visited your site some months ago and found it very helpful. Haven't gone back recently though been too busy with other projects.
Thank you!

--
George Toft
http://www.georgetoft.com
I was wondering if anyone knew a terminal emulator that can communicate to the serial port.

Thanks,
miniterm.

---------------------------------------------------------
Christopher Molnar
New England Business Services, LLC    Aetna, Inc.
Hartford, CT USA                      Middletown, CT USA
molnarc@nebsllc.com                   molnarc@aetna.com

On Sun, 30 Jan 2000, Stathy G. Touloumis wrote:
I was wondering if anyone knew a terminal emulator that can communicate to the serial port.
Thanks,
Is it possible to run an X-server without a graphic card and access the xserver remotely?