Someone tried to attack my hosts.allow !!! Look at this !!


Donovan
12-14-2000, 11:45 AM
Dec 14 12:45:24 www portmap[98]: warning: cannot open /etc/hosts.allow: Permission denied
Dec 14 12:45:24 www portmap[7344]: connect from xxx.xxx.xxx to dump(): request from unauthorized host
Dec 14 13:06:57 www identd[7389]: started
Dec 14 13:29:55 www portmap[98]: warning: cannot open /etc/hosts.allow: Permission denied
Dec 14 13:29:55 www portmap[7479]: connect from xxx.xxx.xxx to dump(): request from unauthorized host.

xxx.xxx.xxx being the totally unknown IP address that tried to get in.
Did they get access to anything? What should I do? Does my server seem secure?

Thanks !!!
Donov

Unruly
12-14-2000, 12:00 PM
Looks like they might have gotten in; if you had Bastille Linux, you might be able to see if they changed anything. But, since they got an access denied, they might not have. Check your logs more closely; see if anyone gave (or tried to give...) himself root access.

------------------
Nathan
Q: How many existentialists does it take to screw in a lightbulb?
A: Two. One to screw it in and one to observe how the lightbulb itself symbolizes a single incandescent beacon of subjective reality in a netherworld of endless absurdity reaching out toward a maudlin cosmos of nothingness.

Donovan
12-14-2000, 12:06 PM
Well, I checked the auth.log. It seems no one got root access except me / my IP...

Donov

jesterspet
12-14-2000, 03:04 PM
Quick thought: was that your /var/log/messages file? Do you put all your logs in the default system log? If not, check them for file uploads (rootkit), chmod actions, and passwd access.

Donovan
12-14-2000, 03:25 PM
Yes it was /var/log/daemon.log

What log file should I check to see the chmods, passwd access...?

Thanks,
Donov

BobjoB
12-14-2000, 04:53 PM
I think the problem is permissions with your hosts.allow file.

Donovan
12-14-2000, 04:55 PM
What permission should I set for this file ? (they got access denied).

Donov

jesterspet
12-14-2000, 05:06 PM
/etc/hosts.allow & /etc/hosts.deny should both be..

-rw-r--r-- 1 root

A.K.A. owned by root, no group ID, read & write access for root and read-only access for group and world.


------------------
[X] YES! I'm a brain-damaged lemur on crack, and I'd like to order your software package for $459.95!

Beowulf_Ghost
12-14-2000, 05:08 PM
My first reaction to crap like this is to turn a flood ping or an nmap SYN scan on them (maybe two or three).

Being on cable, this is especially effective.

Go through /etc/inetd.conf and turn off ALL your services, unless you _really_ need them.

jesterspet
12-15-2000, 01:43 AM
Yeah, but cable (especially @Home) has this funny thing with their proxy server that doesn't make it really effective. Bridged DSL, on the other hand (not to mention the other two boxes on other dedicated connections), can make a ping flood and SYN scan barrage really effective.

mastersibn
12-15-2000, 02:22 AM
Originally posted by Beowulf_Ghost:
My first reaction to crap like this is to turn a flood ping or an nmap SYN scan on them (maybe two or three).

Being on cable, this is especially effective.

Go through /etc/inetd.conf and turn off ALL your services, unless you _really_ need them.

My favorite solution is to shut off inetd altogether.

------------------
grab my gnupg key (http://jove.prohosting.com/~msibn/sibn-p.asc) if you feel so inclined.


cAPS lOCK? wHAT cAPS lOCK?
I cna ytpe 300 wrods pre mniuet!!!
an operating system has not just advantages...
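The inetd advice above (Beowulf_Ghost's "turn off ALL your services" and mastersibn's "shut off inetd altogether"), worked through as an added example that is not from any poster in the thread: a POSIX shell script that comments out every service in an inetd.conf except a keep-list, then shows what is still active. It runs only on the file path you pass it, and the sample inetd.conf it builds is constructed for the example, not taken from anyone's system.

```shell
#!/bin/sh
# Added example, not from any poster in the thread: disable every inetd
# service except a keep-list, working on a copy of inetd.conf passed as $1.
# The sample file below is constructed; the service lines use the usual
# inetd.conf layout (service type proto wait user server args).

# make_sample_inetd FILE: write a constructed inetd.conf to FILE
make_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's file
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
ident   stream  tcp     nowait  nobody  /usr/sbin/identd identd -i
EOF
}

# disable_inetd_services FILE KEEP...: comment out every active service line
# whose name (first field) is not in KEEP; comments and blank lines pass through.
disable_inetd_services() {
    file="$1"; shift
    keep=" $* "
    tmp="$file.tmp"
    : > "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) printf '%s\n' "$line" >> "$tmp"; continue ;;
        esac
        svc=$(printf '%s\n' "$line" | awk '{print $1}')
        case "$keep" in
            *" $svc "*) printf '%s\n' "$line" >> "$tmp" ;;    # keep it
            *)          printf '#%s\n' "$line" >> "$tmp" ;;   # disable it
        esac
    done < "$file"
    mv "$tmp" "$file"
}

# enabled_services FILE: names of the services still active, one per line
enabled_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{print $1}'
}

f=$(mktemp)
make_sample_inetd "$f"
disable_inetd_services "$f" ident        # keep only identd, which the OP's log shows running
echo "still enabled: $(enabled_services "$f" | tr '\n' ' ')"
rm -f "$f"
```

Run it against a copy first (cp /etc/inetd.conf /tmp/inetd.conf), read the result, then put it in place and send inetd a HUP so it rereads the file; if nothing is left enabled, stopping inetd entirely, as mastersibn suggests, is the simpler option.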

Phuzon
12-15-2000, 02:27 AM
I just happen to have bridged DSL.

Beowulf_Ghost
12-15-2000, 05:38 AM
The funny thing is, I'm not using any proxies.

They just rolled out @Home here and I got a static IP and no proxies. I have heard of other places being limited to DHCP only, but proxies are news to me.

So basically I do have an always-on, dedicated connection. Until AT&T comes out here and changes things (I doubt that will happen for a while).

Not only that, but the cable guy told me I'm the only person on this trunk (sweet), and since this is kind of a rural area, I doubt I'll ever have to share it with many people.

cs25x
12-15-2000, 05:51 AM
Another thing you might try is
chattr +i /etc/hosts.allow
Then not even root can change it.
That should slow them down.
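The permission advice from jesterspet (0644, owned by root) and the chattr +i tip from cs25x, worked through as an added example that is not from any poster in the thread. The POSIX shell script below first audits a hosts.allow/hosts.deny pair: it fails if the file is not world-readable (a daemon that has dropped root privileges cannot open a 0600 file, which is one way to get the "Permission denied" in the log), fails if group or world can write it, warns if root does not own it, and reports the immutable bit if lsattr shows it. It then walks the decision order documented in hosts_access(5): the allow file first, then the deny file, otherwise allow. Matching is simplified to ALL, an exact address, and a trailing-dot network prefix such as 192.168.1. (the real library also handles hostnames, net/mask forms, EXCEPT and shell commands, which are left out here). The rules and addresses are made up for the example, and every path is a parameter so the script never touches /etc.

```shell
#!/bin/sh
# Added example, not from any poster in the thread. Part 1 audits the file
# permissions jesterspet describes and reports cs25x's "chattr +i" bit.
# Part 2 evaluates a simplified hosts.allow / hosts.deny decision in the
# order hosts_access(5) documents. Paths are parameters: run it on copies.

# wrappers_file_ok FILE: 0 if FILE is world-readable and not group/world-
# writable (0644 style). Without o+r a daemon that dropped root gets EACCES.
wrappers_file_ok() {
    f="$1"
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    perms=$(ls -ld "$f" | cut -c1-10)              # e.g. -rw-r--r--
    owner=$(ls -ld "$f" | awk '{print $3}')
    gw=$(printf '%s' "$perms" | cut -c6)           # group write bit
    or=$(printf '%s' "$perms" | cut -c8)           # other read bit
    ow=$(printf '%s' "$perms" | cut -c9)           # other write bit
    [ "$or" = "r" ] || { echo "$f: not world-readable ($perms)"; return 1; }
    if [ "$gw" != "-" ] || [ "$ow" != "-" ]; then
        echo "$f: group/world writable ($perms)"; return 1
    fi
    [ "$owner" = "root" ] || echo "$f: warning, owned by $owner, not root"
    if command -v lsattr >/dev/null 2>&1; then     # immutable bit, if set
        case "$(lsattr -d "$f" 2>/dev/null | awk '{print $1}')" in
            *i*) echo "$f: immutable (chattr +i is set)" ;;
        esac
    fi
    echo "$f: ok ($perms $owner)"
}

# wrappers_match PATTERN CLIENT: ALL, exact address, or trailing-dot prefix
wrappers_match() {
    pat="$1"; client="$2"
    case "$pat" in
        ALL) return 0 ;;
        *.)  case "$client" in "$pat"*) return 0 ;; esac ;;
        *)   if [ "$pat" = "$client" ]; then return 0; fi ;;
    esac
    return 1
}

# table_verdict FILE DAEMON CLIENT: prints match, nomatch or unreadable.
# Rules look like "daemon: client[, client...]"; daemon may be ALL.
table_verdict() {
    tbl="$1"; rdaemon="$2"; rclient="$3"
    [ -e "$tbl" ] || { echo nomatch; return 0; }
    [ -r "$tbl" ] || { echo unreadable; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                           # drop comments
        case "$line" in *:*) ;; *) continue ;; esac
        rd=$(printf '%s' "${line%%:*}" | tr -d ' \t')
        rc=$(printf '%s' "${line#*:}"  | tr -d ' \t')
        [ "$rd" = "ALL" ] || [ "$rd" = "$rdaemon" ] || continue
        oldifs=$IFS; IFS=,
        for pat in $rc; do
            if wrappers_match "$pat" "$rclient"; then
                IFS=$oldifs; echo match; return 0
            fi
        done
        IFS=$oldifs
    done < "$tbl"
    echo nomatch
}

# hosts_access DAEMON CLIENT ALLOWFILE DENYFILE: prints allow or deny.
# Allow file first, then deny file, else allow. An allow file that exists
# but cannot be read is treated as deny here (the conservative choice).
hosts_access() {
    case "$(table_verdict "$3" "$1" "$2")" in
        match)      echo allow; return 0 ;;
        unreadable) echo deny;  return 0 ;;
    esac
    case "$(table_verdict "$4" "$1" "$2")" in
        match) echo deny ;;
        *)     echo allow ;;
    esac
}

# write_sample_policy DIR: constructed rules with made-up addresses: deny by
# default, portmap open to one LAN and one admin host, everything to localhost.
write_sample_policy() {
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    cat > "$1/hosts.allow" <<'EOF'
# constructed example, not a real host's rules
portmap: 192.168.1., 10.0.0.5
ALL: 127.0.0.1
EOF
    chmod 644 "$1/hosts.allow" "$1/hosts.deny"
}

d=$(mktemp -d)
write_sample_policy "$d"
wrappers_file_ok "$d/hosts.allow"
chmod 600 "$d/hosts.deny"                          # reproduce the bad case
wrappers_file_ok "$d/hosts.deny" || echo "fix: chmod 644 $d/hosts.deny"
chmod 644 "$d/hosts.deny"
for c in 192.168.1.20 203.0.113.9; do
    echo "portmap from $c: $(hosts_access portmap "$c" "$d/hosts.allow" "$d/hosts.deny")"
done
rm -rf "$d"
```

To audit the real files, call wrappers_file_ok on /etc/hosts.allow and /etc/hosts.deny; the evaluator is for checking a rule set before installing it, since the daemon's own libwrap, not this script, makes the live decision.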

jesterspet
12-15-2000, 06:14 PM
Beowulf_Ghost,

You mean you never saw the proxy:8080 setting in any of your documentation? How odd. I have teched many folks from around the country and they all had proxy:8080, or the full name of the "transparent" proxy for their area. But then again, they were also on Windows.

I am surprised that you never ran across this little "feature" during a traceroute or setup, though. Maybe I should do some more digging.

------------------
[X] YES! I'm a brain-damaged lemur on crack, and I'd like to order your software package for $459.95!

Beowulf_Ghost
12-15-2000, 06:45 PM
Like I said, they just rolled out cable here. It was tied up in the Portland courts for a while.

When I got my cable, the cable guy gave me a piece of paper with my static IP, DNS and gateway numbers. I plugged them into Linux and BeOS, and everything worked fine. I never had to touch my proxy settings.

The reason I went with cable over DSL was due in large part to a three-part article that ran in a local computer rag. Basically, they went through every detail of the history of DSL and how it is implemented.

It breaks down like this;
For years the telcos made their money selling telephone access. But years of government regulation made things tough on them. To keep their heads above water, they had to keep the phone switches 90% idle. This is why they charged more for business lines, because they were on the switches more often.

Then along comes the computer boom, and along with it, the modem boom. Now people who used to only tie up the switches for a 5 minute phone call, are downloading software, and reading web pages for hours on end. And regulations keep them from charging more.

So the telcos come up with DSL. The driving force behind DSL, is to get you off the voice switches. After that comes making up money they lost while every one was using modems over voice lines.

Another thing that is nice about cable is that AT&T will let you buy your own cable modem, which cuts your monthly rate down to $30 (you pay an extra $10 to lease one from them). However, none of the telcos in Oregon let you use your own DSL modem. They have their own proprietary modem that can only be purchased from the telco, and they are pieces of crap that inevitably break. And when it breaks, the telcos are in no rush to fix it. They don't care; they made a ton of money off you and kept you off the voice switches for a while.

Another problem with DSL is that they are only looking at the short term. Again, they _need_ to get you off the voice lines. So the infrastructure they put up for DSL won't handle large loads.

All in all, it sounds like some Microsoft'ish scheme to screw the consumer.

Donovan
12-15-2000, 08:36 PM
What is portmap for?
Can I disable it?

I run a webserver, apache, php, mysql...

Donov