[CLUE-Tech] Lousy no-good @!$#%@#$% (cracked)

Dave Hahn dhahn at techangle.com
Tue Jan 29 09:58:25 MST 2002 

FTP: Use ProFTPD, wu-FTPD has had quite a few problems.  (Like Jim, I've
had to go in and help clean up after a compromise; wu-ftpd has been one
of the largest holes.)

SMTP: I've used sendmail for years and I've never had it hacked, but the
trick is to keep it *always* updated.  For security, speed and ease of
configuration you may want to consider a change to Qmail.

SSHd: Protocol v1 has some trouble, lock you box down to only use v2.
(/etc/sshd/sshd_config)

Consider loading PortSentry and Tripwire.  PortSentry will watch any
ports (very configurable) and drop, reject, notify you of any traffic
that you consider inappropriate.  Tripwire (a bit harder to get going)
will help you make sure that no one has modified your system binaries.

-Dave Hahn
TechAngle Inc.

On Tue, 2002-01-29 at 07:02, Adam Bultman wrote:

    Okay: This thread has been absolutely fascinating!  I must say.  
    
    However, here is my question.   At work, I've got a linux box on the 
    Internet.  Red Hat 7.2, and I've used 'bastille' to allegedly lock it down 
    a bit.  I'm running FTP, Sendmail, and ssh.  Yeah, that's it.  Anyway, 
    it's been up on the net for a bit, and I'm wondering: What else can I do 
    to lock it down?  My network segment here isn't scanned much, but I'm 
    still worried about being cracked.  
    
    Secondly:  I've got an OpenBSD firewall on my ISDN router acting as a 
    firewall. Is there many stories of OpenBSD getting cracked?  I'm running 
    ssh and ftp on there, and other ports are forwarded elsewhere (sendmail, 
    fr example is sent to a linux box).  
    
    oh, well.  Hope things get cleaned up okay, I'd recommend a clean install, 
    rather than cleaning up the mess that's been made.
    
    adam
    
    
    _______________________________________________
    CLUE-Tech mailing list
    CLUE-Tech at clue.denver.co.us

http://clue.denver.co.us/mailman/listinfo/clue-tech

    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue-tech/attachments/20020129/6c603077/attachment.html

More information about the clue-tech mailing list