Subject: Re: Attemted Theft of Services via FTP
From: Christian Gross (ChristianHGross@yahoo.ca)
Date: Fri Mar 01 2002 - 04:54:20 MST
At 12:51 01/03/2002 -0800, you wrote:
>Patrick Callahan wrote:
>
> >
> > Feb 28 07:52:24 localhost proftpd[22095]: localhost.localdomain
> ([24.90.163.104]) - USER ftp (Login failed): Invalid shell.
>
>You have not finished seeing messages like this !!!! You will spend your
>time and money in law
>courts if you react like this... Just secure your workstation: SSH,
>TCP-Wrapper, Check out for
>obvious holes in your /etc/passwd file, use shadow, become paranoid if you
>want to stay
>connected. I have about 10 crack temptative a week... Also upgrade, patch
>ass soon as there
>is a security wekness discovered. Check regularly security web sites.
>Bye
Exactly, it is a cruel world out there. But what I do and this has worked
extremely well for me is to take a single box and use it as a router. I
have a DSL modem, which connects to the box via ethernet and the second
ethernet card connects to my local network. The single box is both a
firewall and controller of the network. On it I install software extremely
conservatively and close off all ports except 80 and 8080 (need them for
other purposes). And as such I have never had a hacker to get past the
router. Plenty of tries though... The advantage of this approach is that
I can experiment with configurations and not have to worry about getting
hacked or forgetting something. BTW my box is a left over computer that is
not usable for development, but makes a good router.
Christian Gross
This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 05:09:10 MST