Date: Thu, 27 Dec 2001 21:56:26 -0800
From: "Kutulu" <kutulu@kutulu.org>
To: "Peter Ong" <peter@haloflightleader.net>, <stable@FreeBSD.ORG>
Subject: Re: Trying NT Hacks
Message-ID: <00da01c18f64$635e98d0$88682518@cc191573g>
References: <013a01c18f48$f156cf20$0101a8c0@haloflightleader.net> <00be01c18f62$d67b5b20$88682518@cc191573g> <016001c18f4a$da2fc480$0101a8c0@haloflightleader.net>

From: "Peter Ong" <peter@haloflightleader.net>
Sent: Thursday, December 27, 2001 6:53 PM

> I guess I'm judging too quickly. Anyway, there hasn't been a successful
> break in just yet. Now I'm wondering if there's some extra precautions I
> can take to ensure that a break in doesn't occur.

You already took the really important one: you didn't run IIS :)

On a serious note, though, portscanning entire chunks of the IP space is an
extremely common tactic for kiddies trying to locate exploitable systems. A
nice firewall that drops packets (on ports you don't need, obviously) helps,
but when you need port 80 open for legitimate anonymous access, there's not a
lot you can do. Keep your installed apps up to date (portupgrade and cvsup
are godsends here) and keep up with CERT (www.cert.org) and related security
sites. If you have the space CPU/disk, run something like snort
(/usr/ports/security/snort) to keep an eye on suspicious activity, and in
many cases, drop traffic with suspicious content beyond what an IP filter can
do. Run as little as possible on your public servers, and especially be
careful giving user accounts on public machines, as local users greatly
increase the security risks.

--K

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message