Date: Sun, 20 Dec 1998 11:59:30 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>
To: freebsd-security@FreeBSD.ORG
Subject: Re: udp security (fwd)
Message-ID: <Pine.BSF.3.96.981220115908.2689B-100000@servidor.exsocom.com.mx>
---------- Forwarded message ----------
Date: Sun, 20 Dec 1998 11:20:12 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO <agalindo@exsocom.com.mx>
To: Karl Pielorz <kpielorz@tdx.co.uk>
Cc: questions@FreeBSD.ORG
Subject: Re: udp security

Thanks Karl, I was doing exactly as you suggested, but in my mind the big problem is that I don't know how they accessed the servers, and how they did it across UDP. When I reinstalled the operating system of course I closed all the back doors installed by them, but this morning I have the following monitoring:

----------------- Click here -----------------
From Address                  To Address                    Proto  Bytes    CPS
==============================================================================
pegasus.mobil.com..domain     www.computercenter.c..domain  udp    1250238  462
servidor.exsocom.com..domain  pegasus.mobil.com..domain     udp    1207960  368
pegasus2.mobil.com..domain    www.computercenter.c..domain  udp    1168200  765
servidor.exsocom.com..domain  pegasus2.mobil.com..domain    udp    1153864  331
www.computercenter.com.mx     pegasus.mobil.com             icmp   1052016  392
www.computercenter.com.mx     pegasus2.mobil.com            icmp   984648   672
servidor.exsocom.com..telnet  desarrollo00.exsocom.c..1043  tcp    565621   240
pegasus.mobil.com..domain     servidor.exsocom.com..domain  udp    437580   118
pegasus2.mobil.com..domain    servidor.exsocom.com..domain  udp    417978   132
------------------ cut here -------------------

If you look here, they are attacking from mobil.com servers (in this case); exactly like this I have many references, because they change the attack from different servers and dialup connections. Of course here I suppose that, as I closed the back doors, they are sending a lot of packets to win access one more time, and the important thing here is to know how to block their attacks.
Regards
Alejandro

On Sun, 20 Dec 1998, Karl Pielorz wrote:

> Alejandro Galindo Chairez AGALINDO wrote:
> > I need help, I need to know how to protect my servers, but the most
> > important in my mind is to know how they are accessing the servers. I
> > bought the Firewalls book from O'Reilly & Associates and I was using the
> > firewall with ipfw, but this doesn't stop the hackers.
> >
> > thanks for your help
>
> This isn't really FreeBSD related... Do you know for 100% that you have
> removed the hackers, and all their equipment from your compromised system?
> It's not uncommon for hackers once they have a connection to leave numerous
> back doors in the system - so they can get in again...
>
> Even your firewall won't help with that... The only way you can be 100% sure
> you have got rid of them is probably to either reinstall the machine, or break
> out the backups from a time you are _certain_ you weren't hacked...
>
> Once you have the new machine up, follow all the security guidelines (i.e. use
> a firewall like you're doing, make sure the machine only runs the services you
> need - e.g. disable everything you don't need from inetd etc.)
>
> Only then will you stand a chance of keeping them out...
>
> As for attacks via UDP - this is certainly possible, though I've not seen any
> exploits for FreeBSD and UDP for as long as I can remember... :)
>
> -Kp
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with
"unsubscribe freebsd-security" in the body of the message
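As an added triage example (not part of the thread), the monitor table quoted in the forwarded message parsed and summarised in Python: it lists UDP flows running from port domain to port domain that carry more than an assumed 1 MB threshold, and totals bytes per remote peer of servidor.exsocom.com. The sample rows are re-typed from the message, and the threshold and function names are my own choices.

```python
import re
from collections import defaultdict
# Sample rows constructed from the table quoted above: the monitor truncates
# hostnames and joins host and service with ".."; ICMP rows carry no service.
SAMPLE = """\
pegasus.mobil.com..domain www.computercenter.c..domain udp 1250238 462
servidor.exsocom.com..domain pegasus.mobil.com..domain udp 1207960 368
pegasus2.mobil.com..domain www.computercenter.c..domain udp 1168200 765
servidor.exsocom.com..domain pegasus2.mobil.com..domain udp 1153864 331
www.computercenter.com.mx pegasus.mobil.com icmp 1052016 392
www.computercenter.com.mx pegasus2.mobil.com icmp 984648 672
servidor.exsocom.com..telnet desarrollo00.exsocom.c..1043 tcp 565621 240
pegasus.mobil.com..domain servidor.exsocom.com..domain udp 437580 118
pegasus2.mobil.com..domain servidor.exsocom.com..domain udp 417978 132
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(udp|tcp|icmp)\s+(\d+)\s+(\d+)$")

def parse_flows(text):
    """Parse monitor rows into dicts; header, ruler and stray lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            src, dst, proto, nbytes, cps = m.groups()
            (sh, _, ss), (dh, _, ds) = src.partition(".."), dst.partition("..")
            flows.append({"src": sh, "sport": ss or None, "dst": dh, "dport": ds or None,
                          "proto": proto, "bytes": int(nbytes), "cps": int(cps)})
    return flows

def suspicious_udp_domain(flows, min_bytes=1_000_000):
    """UDP port-domain-to-port-domain flows above min_bytes (assumed threshold)."""
    return [f for f in flows if f["proto"] == "udp" and f["sport"] == "domain"
            and f["dport"] == "domain" and f["bytes"] >= min_bytes]

def bytes_by_peer(flows, local="servidor.exsocom.com"):
    totals = defaultdict(int)   # bytes exchanged between local host and each peer
    for f in flows:
        if f["src"] == local:
            totals[f["dst"]] += f["bytes"]
        elif f["dst"] == local:
            totals[f["src"]] += f["bytes"]
    return dict(totals)

for f in suspicious_udp_domain(parse_flows(SAMPLE)):
    print(f"{f['src']} -> {f['dst']} udp/domain {f['bytes']} bytes")
```

Ordinary resolver queries are a few hundred bytes each, so a megabyte of port-53-to-port-53 UDP between two hosts in one monitoring window is the kind of row worth pulling packet captures for before deciding on firewall rules.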
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981220115908.2689B-100000>