[lug] i got hacked

j davis davis_compz at hotmail.com
Fri Apr 19 12:58:52 MDT 2002


Well, for starters I now have a bad-ass iptables firewall, snort NIDS in combo
with snort2iptables... I upgraded all my daemons that needed it and I'm
running a very tight tcpwrapper config.

Thanks to you all for the help.

jd

>From: "Harris, James" <James_Harris at maxtor.com>
>Reply-To: lug at lug.boulder.co.us
>To: "'lug at lug.boulder.co.us'" <lug at lug.boulder.co.us>
>Subject: RE: [lug] i got hacked
>Date: Fri, 19 Apr 2002 10:55:32 -0600
>
>Yes, I'd agree that you want to focus some time in the configuration of it,
>however, I think what I've always shot for on systems like this is
>kiddie/cracker prevention and detection as opposed to full on hacker
>prevention.
>
>I think it all depends on what your goals are.  If you want to try to
>prevent the "real" hackers, you're going to invest a tremendous amount of
>time and energy.  If you want simply to filter out the 90% mark, then I
>think you can get a good balance of security and time using tools like
>Tripwire.
>
>My two cents...
>
>-----Original Message-----
>From: Bear Giles [mailto:bgiles at coyotesong.com]
>Sent: Friday, April 19, 2002 10:25
>To: lug at lug.boulder.co.us
>Subject: Re: [lug] i got hacked
>
>
> > One final piece of advice when you rebuild, install tripwire.  All of
> > the firewall recommendations, combined with wrappers, log sentry (log
> > check) will help prevent it from happening again, but tripwire will
> > let you know if it _does_ happen again.
>
>If tripwire isn't installed properly, it can give you a false sense of
>security.  In a situation like this you *must* use media which is physically
>read-only - a knowledgeable attacker would simply update your tripwire
>database if it's not on readonly media (not just a readonly partition or
>file).
>
>Bear
>_______________________________________________
>Web Page:  http://lug.boulder.co.us
>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug




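Added example, not part of the original thread and not Tripwire's own code: a minimal hash-based integrity check in Python that illustrates the point in the quoted reply about keeping the integrity database on physically read-only media. The names `snapshot`, `changed` and `demo` and the sample file are constructed for illustration; `offline_db` stands in for the copy on read-only media.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    db = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = digest
    return db

def changed(root, baseline):
    """Return sorted paths added, removed or modified since the baseline."""
    now = snapshot(root)
    paths = set(now) | set(baseline)
    return sorted(p for p in paths if now.get(p) != baseline.get(p))

def demo():
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        login = os.path.join(root, "bin", "login")
        with open(login, "wb") as fh:
            fh.write(b"original binary")  # constructed sample content
        # Baseline taken on the clean system. offline_db stands in for the
        # copy on read-only media; on_host_db lives on the writable disk.
        offline_db = snapshot(root)
        on_host_db = dict(offline_db)
        # The file is replaced, and the writable database is refreshed to
        # match, which is the failure mode described in the quoted reply.
        with open(login, "wb") as fh:
            fh.write(b"trojaned binary")
        on_host_db = snapshot(root)
        return changed(root, on_host_db), changed(root, offline_db)

if __name__ == "__main__":
    on_host, offline = demo()
    print("check against on-host database:", on_host or "no changes reported")
    print("check against read-only copy:  ", offline)
```

The check against the writable database reports nothing, while the same check against the untouched copy flags the replaced file.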