RE: an alarming message


Subject: RE: an alarming message
From: Steve McGrane (steve@globaltap.com)
Date: Mon Jan 08 2001 - 05:56:52 MST


Darrin is right, out of the box, almost all (hoping) Linux servers are very
vulnerable. There are several ways to close this down, and "linuxconf" is
probably the easiest way.

Look for "Control Service Activity" and you will get a good idea of what
services are running and what aren't. You can turn off most of the services
that start with an "r" as well as portmap and nfsd if you aren't sharing
files through nfs.

A good document for further research is:
http://www.enteract.com/~lspitz/linux.html

- Steve
Co-Location and Dedicated Hosting starting at $125/mo
http://www.globaltap.com

-----Original Message-----
From: Darrin Tams [mailto:coloorbust@yahoo.com]
Sent: Sunday, January 07, 2001 11:20 PM
To: yellowdog-general@lists.yellowdoglinux.com
Subject: Re: an alarming message

I receive that all the time from a Terminal Server on our network for some
library terminals. From the research I did on it, it is a harmless
configuration somewhere on your network (probably a Mainframe Server and
terminal host system on your network (Server Service)) broadcasting out a
request to see if its host is there. At one time I figured out which
service was listening for this on Linux (consequently replying and resulting
with the error message) but then made some changes which must have turned it
back on. I had forgotten which service it was and since then I just let it
go.

Find out who/what is using that IP and you'll know whether or not it is a
harmless server configuration trying to talk to another computer or a
trouble user out to get you.

----- Original Message -----
From: "Gawain Reifsnyder" <gawain@guitar.net>
To: <yellowdog-general@lists.yellowdoglinux.com>
Sent: Saturday, January 06, 2001 7:51 PM
Subject: an alarming message

> I noticed this in my /var/log/messages:
>
> 203.239.64.9 sent an invalid ICMP error to a broadcast.
>
> It also was waiting for me on the login screen of our YDL machine
> when I went to log in.
>
> Was somebody trying to pull some funny business with the server?
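
Added example, not part of the original messages: one way to act on the advice to find out who is using that IP is to tally the kernel message in /var/log/messages by source address, including the "last message repeated N times" lines that syslogd writes in place of duplicates. The syslog lines, the host name `ydl` and the `summarize` function are constructed for illustration; the private/public label is only a hint about where to start looking.

```python
import ipaddress
import re

# Constructed sample in classic syslog format; only the kernel message text
# and the address 203.239.64.9 come from the thread.
SAMPLE_LOG = """\
Jan  6 19:40:02 ydl kernel: 203.239.64.9 sent an invalid ICMP error to a broadcast.
Jan  6 19:40:31 ydl last message repeated 3 times
Jan  6 19:52:10 ydl kernel: 192.168.1.20 sent an invalid ICMP error to a broadcast.
Jan  6 19:53:44 ydl sshd[412]: Connection from 192.168.1.7 port 1022
Jan  6 20:01:15 ydl kernel: 203.239.64.9 sent an invalid ICMP error to a broadcast.
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ "
ICMP_RE = re.compile(STAMP + r"kernel: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
                     r"sent an invalid ICMP error to a broadcast\.")
REPEAT_RE = re.compile(STAMP + r"last message repeated (?P<n>\d+) times")


def summarize(log_text):
    """Map each source IP to count, first/last timestamp and address scope."""
    seen = {}
    previous_ip = None  # set only while the preceding line was the ICMP message
    for line in log_text.splitlines():
        hit = ICMP_RE.match(line)
        repeat = REPEAT_RE.match(line)
        if hit:
            try:
                addr = ipaddress.ip_address(hit.group("ip"))
            except ValueError:  # e.g. 999.1.1.1 from a corrupted line
                previous_ip = None
                continue
            previous_ip, extra, ts = str(addr), 1, hit.group("ts")
        elif repeat and previous_ip:
            # syslogd collapsed duplicates of the previous ICMP message
            addr = ipaddress.ip_address(previous_ip)
            extra, ts = int(repeat.group("n")), repeat.group("ts")
        else:
            previous_ip = None
            continue
        entry = seen.setdefault(previous_ip, {
            "count": 0, "first": ts,
            "scope": "private" if addr.is_private else "public"})
        entry["count"] += extra
        entry["last"] = ts
    return seen


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```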




This archive was generated by hypermail 2a24 : Mon Jan 08 2001 - 06:01:46 MST