From owner-freebsd-stable Thu Dec 27 19: 4:59 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157]) by hub.freebsd.org (Postfix) with ESMTP id 75AAD37B419 for ; Thu, 27 Dec 2001 19:04:44 -0800 (PST)
Received: from cc191573g (cc191573-g.longhill1.md.home.com [24.37.104.136]) by pr0n.kutulu.org (Postfix) with SMTP id 443D8E2; Thu, 27 Dec 2001 22:06:33 -0500 (EST)
Message-ID: <00da01c18f64$635e98d0$88682518@cc191573g>
From: "Kutulu"
To: "Peter Ong" ,
References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net> <00be01c18f62$d67b5b20$88682518@cc191573g> <016001c18f4a$da2fc480$0101a8c0@haloflightleader.net>
Subject: Re: Trying NT Hacks
Date: Thu, 27 Dec 2001 21:56:26 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

From: "Peter Ong"
Sent: Thursday, December 27, 2001 6:53 PM

> I guess I'm judging too quickly. Anyway, there hasn't been a successful
> break in just yet. Now I'm wondering if there's some extra precautions I
> can take to ensure that a break in doesn't occur.

You already took the really important one: you didn't run IIS :)

On a serious note, though, portscanning entire chunks of the IP space is an extremely common tactic for kiddies trying to locate exploitable systems. A nice firewall that drops packets (on ports you don't need, obviously) helps, but when you need port 80 open for legitimate anonymous access, there's not a lot you can do. Keep your installed apps up to date (portupgrade and cvsup are godsends here) and keep up with CERT (www.cert.org) and related security sites.
If you have the spare CPU/disk, run something like snort (/usr/ports/security/snort) to keep an eye on suspicious activity, and in many cases, drop traffic with suspicious content beyond what an IP filter can do. Run as little as possible on your public servers, and especially be careful giving user accounts on public machines, as local users greatly increase the security risks.

--K

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
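A small log-scanning check in the spirit of the "keep an eye on suspicious activity" advice above, added to this archived thread as an example (it is not code from the original mail, from snort, or from any FreeBSD tool): it reads Apache-style access log lines from a host that does not run IIS and flags clients requesting IIS- or Windows-only paths, which such a host can never serve, so every hit is a probe rather than a legitimate visitor. The log lines, the indicator list, the IP addresses and the threshold are constructed for the example.

```python
"""Flag clients probing for IIS/Windows-only resources on a non-IIS web host.
Example code added to this archived thread, not from the original mail.
Log lines, indicator list and addresses below are constructed."""
import re
from collections import defaultdict

# Apache common/combined log format; fields after the status are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Path fragments that only exist on IIS or a Windows filesystem (constructed
# list, tune it for your site).  On a FreeBSD/Apache box they cannot be real.
IIS_INDICATORS = ("/scripts/", "/msadc/", "/_vti_bin/", "/iisadmpwd/",
                  "cmd.exe", "root.exe", ".ida", ".asp", "c:\\", "/winnt/")

SAMPLE_LOG = """\
192.0.2.10 - - [27/Dec/2001:21:50:01 -0800] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [27/Dec/2001:21:50:13 -0800] "GET /scripts/cmd.exe HTTP/1.0" 404 294
203.0.113.7 - - [27/Dec/2001:21:50:14 -0800] "GET /msadc/root.exe HTTP/1.0" 404 287
203.0.113.7 - - [27/Dec/2001:21:50:15 -0800] "GET /default.ida HTTP/1.0" 404 283
198.51.100.9 - - [27/Dec/2001:21:51:02 -0800] "GET /docs/faq.html HTTP/1.1" 200 5120
198.51.100.9 - - [27/Dec/2001:21:51:40 -0800] "GET /_vti_bin/shtml.exe HTTP/1.0" 404 290
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_iis_probe(uri):
    """True if the request path references something only IIS/Windows would have."""
    u = uri.lower()
    return any(ind in u for ind in IIS_INDICATORS)


def probe_report(log_text):
    """Map each client IP to the list of probe URIs it sent (clients with none are omitted)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_iis_probe(rec["uri"]):
            hits[rec["ip"]].append(rec["uri"])
    return dict(hits)


def block_candidates(report, threshold=2):
    """IPs with at least `threshold` probes: the list you would hand to your IP filter."""
    return sorted(ip for ip, uris in report.items() if len(uris) >= threshold)
```

Run it against a real access_log by passing the file contents to probe_report(); a 404 on a path like these is harmless by itself, so the per-client count is what separates a scanner from a stray typo.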