From owner-freebsd-questions Wed Dec 23 10:22:33 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA19702 for freebsd-questions-outgoing; Wed, 23 Dec 1998 10:22:33 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mercury.jorsm.com (mercury.jorsm.com [207.112.128.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA19695; Wed, 23 Dec 1998 10:22:30 -0800 (PST) (envelope-from jer@jorsm.com)
Received: from localhost (jer@localhost) by mercury.jorsm.com (8.8.7/8.8.7) with SMTP id MAA07566; Wed, 23 Dec 1998 12:22:22 -0600 (CST)
Date: Wed, 23 Dec 1998 12:22:21 -0600 (CST)
From: Jeremy Shaffner
To: Alejandro Galindo Chairez AGALINDO
cc: freebsd-security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: udp security
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

It's toast. Unplug the thing immediately. Back up user and system files
(and audit them!). Reinstall (2.2.8) on another drive, or a new box.
Recover first, investigate second.

On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:

> My name is Alejandro and I have some servers in Mexico with FreeBSD 2.2.5,
> 2.2.6 and 2.2.7 releases (from Walnut Creek CDROM)
>
> One month ago my servers were attacked by some hackers. I was
> monitoring their activities and I only know that they are using the user
> datagram protocol. I installed a firewall but this can't stop their
> activities. I am worried because last week they deleted the log files from
> /var/log and last day they accessed one of my servers with a username and a
> password (they created the username and password, they accessed the server
> for 3 minutes and then they deleted the user). I AM WORRIED because I don't
> know how they did that. The violated server had the 2.2.5 version and I
> upgraded it to the 2.2.7 release, but this morning the hackers insist on
> accessing my servers.
>
> I need help, I need to know how to protect my servers, but the most
> important thing in my mind is to know how they are accessing the servers. I
> bought the Firewalls book from O'Reilly & Associates and I was using the
> firewall with ipfw, but this doesn't stop the hackers.
>
> Thanks for your help
>
> Alejandro Galindo
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-===================================================================-
 Jeremy Shaffner               JORSM Internet
 Senior Technical Support      Northwest Indiana's Premium
 jer@jorsm.com                 Internet Service Provider
 support@jorsm.com             http://www.jorsm.com
-===================================================================-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message