From: prad
To: freebsd-questions@freebsd.org
Date: Fri, 19 Jun 2009 18:35:35 -0700
Subject: Re: backdoor threat

On Fri, 19 Jun 2009 14:39:35 -0400
Bill Moran wrote:

> Sure. It costs almost nothing to send a fax message, and he could
> send it over and over and run you out of paper and ink while you're
> sleeping. Infantile, yes.
>
yes except for the fact that i don't have a fax machine and the number
is incorrect anyway :D

> Sure, there's 1000000000 things. Start by running a nmap scan from a
> different computer and see what ports are open. Investigate each
> program listening on those ports to ensure it's properly secured.
>
ok this is really neat!
we did the scan and found what the open ports are.
so the first one we changed was the ssh.
then a friend said he assigns ports that are not used in /etc/services,
so i presume this means for instance if we change the http port, we'll
have to tell our http server to do business on that port?

is this what you mean by ensuring that the program listening on a port
is properly secured? or is there something else?

> Making secure web forms is too complex to discuss in a single email.
>
ok we'll look into this further. we really don't have too many web
forms and the forum software we use is punbb which i think they
(rickard et al) take good care of.

> Of course, the "someone" could just be spouting off. ... Some people
> brag without being able to back it up.
>
i think this is such a situation. i think the person thought i'd be
astonished that he was able to pull my first and last name as well as
my address out of a whois search and show them to me :D
and by showing me that he can use words like backdoor and BSD, no doubt
i should step back and bow to his level of expertise!

still, i see this as an opportunity for my son and myself to learn
something we really haven't paid much attention to, so we're going to
do it!

thx for your help bill!

-- 
In friendship,
prad

... with you on your journey
Towards Freedom http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's
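
The audit Bill describes (scan from a different computer, then identify the program behind each open port), written out as an added example that is not part of the original thread. The host address, PIDs, users and scan results are constructed sample data, and `map_open_ports` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example; every sample value below is constructed.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed `sockstat -4 -l` output from the scanned FreeBSD host.
cat > "$tmp/sockstat.txt" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:2222                *:*
www      httpd      950   4  tcp4   *:80                  *:*
root     sendmail   701   4  tcp4   127.0.0.1:25          *:*
EOF

# Constructed `nmap -oG` result line (fields are tab-separated).
printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 2222/open/tcp//EtherNetIP-1///, 8080/open/tcp//http-proxy///, 443/closed/tcp//https///\tIgnored State: filtered (996)\n' > "$tmp/scan.gnmap"

# map_open_ports SOCKSTAT_FILE NMAP_GREPABLE_FILE   (hypothetical helper)
# Prints one line per externally open port with the program that owns it.
map_open_ports() {
    awk '
    FNR == NR {                       # first file: local listeners
        if ($5 !~ /^(tcp|udp)/) next  # skips the header line
        n = split($6, a, ":"); port = a[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        if (addr ~ /^127\./) next     # loopback is not reachable from outside
        owner[port "/" substr($5, 1, 3)] = $2 " user=" $1 " pid=" $3 " bind=" addr
        next
    }
    /Ports: / {                       # second file: scan results
        sub(/^.*Ports: /, ""); sub(/\t.*$/, "")
        n = split($0, p, /, */)
        for (i = 1; i <= n; i++) {
            split(p[i], f, "/")
            if (f[2] != "open") continue
            key = f[1] "/" f[3]
            who = (key in owner) ? owner[key] : "NO-NON-LOOPBACK-LISTENER"
            print key, who, "scan-label=" f[5]
        }
    }' "$1" "$2"
}

map_open_ports "$tmp/sockstat.txt" "$tmp/scan.gnmap"
```

On a real host the two inputs would come from `sockstat -4 -l` on the server and `nmap -oG <file> <host>` run from the other machine. The scan label is only a name looked up by port number, so the listener column is what tells you which program actually needs securing.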