From owner-freebsd-questions Sun Dec 20 08:37:12 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA26036 for freebsd-questions-outgoing; Sun, 20 Dec 1998 08:37:12 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA26021 for ; Sun, 20 Dec 1998 08:37:07 -0800 (PST) (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242]) by caladan.tdx.co.uk (8.9.1a/8.9.1) with ESMTP id QAA26027; Sun, 20 Dec 1998 16:36:54 GMT
Message-ID: <367D27A6.2EB3082A@tdx.co.uk>
Date: Sun, 20 Dec 1998 16:36:54 +0000
From: Karl Pielorz
Organization: TDX - The Digital eXchange
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Alejandro Galindo Chairez AGALINDO
CC: questions@FreeBSD.ORG
Subject: Re: udp security
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Alejandro Galindo Chairez AGALINDO wrote:

> I need help, I need to know how to protect my servers, but the most
> important in my mind is to know how they are accessing the servers, I
> bought the Firewalls book from O'Reilly & Associates and I was using the
> firewall with ipfw, but this doesn't stop the hackers.
>
> Thanks for your help

This isn't really FreeBSD related...

Do you know for 100% that you have removed the hackers, and all their
equipment from your compromised system? It's not uncommon for hackers once
they have a connection to leave numerous back doors in the system - so they
can get in again... Even your firewall won't help with that...

The only way you can be 100% sure you have got rid of them is probably to
either reinstall the machine, or break out the backups from a time you are
_certain_ you weren't hacked...
Once you have the new machine up, follow all the security guidelines (i.e.
use a firewall like you're doing, make sure the machine only runs the
services you need - e.g. disable everything you don't need from inetd etc.)
Only then will you stand a chance of keeping them out...

As for attacks via UDP - this is certainly possible, though I've not seen
any exploits for FreeBSD and UDP for as long as I can remember... :)

-Kp

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
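
An added example, not part of the original message: one way to check the "only runs the services you need" advice on a rebuilt host is to list every entry still enabled in an inetd.conf-style file that is not on an explicit allowlist, with its protocol so UDP services stand out. The function names, the allowlist and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file against an allowlist.

# enabled_services FILE
# Prints "service/protocol" for every active (uncommented) entry.
enabled_services() {
    awk '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF >= 6 { print $1 "/" $3 }    # field 1 = service, field 3 = protocol
    ' "$1" | sort -u
}

# unexpected_services FILE ALLOWED_SERVICE...
# Prints enabled entries whose service name is not on the allowlist.
unexpected_services() {
    conf=$1; shift
    allowed=" $* "
    enabled_services "$conf" | while IFS=/ read -r svc proto; do
        case "$allowed" in
            *" $svc "*) ;;              # explicitly needed, keep quiet
            *) echo "$svc/$proto" ;;    # candidate for commenting out
        esac
    done
}

# Constructed sample input (hypothetical host that only needs ftp).
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
finger  stream  tcp     nowait  nobody  /usr/libexec/fingerd    fingerd -s
ntalk   dgram   udp     wait    tty     /usr/libexec/ntalkd     ntalkd
#tftp   dgram   udp     wait    nobody  /usr/libexec/tftpd      tftpd /tftpboot
EOF
}

# Demo: write the sample to a temp file and audit it with "ftp" allowed.
demo() {
    tmp=$(mktemp /tmp/inetd-audit.XXXXXX) || return 1
    sample_conf > "$tmp"
    unexpected_services "$tmp" ftp
    rm -f "$tmp"
}
demo
```

On a real system the first argument would be `/etc/inetd.conf`, and inetd has to be told to re-read its configuration after entries are commented out.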