[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] how to config ipchains?

Subject: [cobalt-security] how to config ipchains?
From: "Armin Baldemair @ ARMIXnetworks.com" <armin.baldemair@xxxxxxxxxxxxxxxxx>
Date: Sat, 30 Nov 2002 16:21:42 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

i've installes 15 (!) updates and my server had problems using php ... but i
corrected ist.
last but not least i installed ipchains. it's my first time i'm using a
firewall on a linux machine.

now, can anybody tell me some rules, which i should set at ipchains to
prevent hack attacks and trojans.
(correct syntax would be helpful for a ipchains-newbie like me ;-)

thanks,
armin

----- Original Message -----
From: "Dave" <dave@xxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, November 30, 2002 4:06 PM
Subject: Re: [cobalt-security] hacked - please help! - my server scans port
53 on serval nets


> port 53 is also DNS...  could that factor into anything??
>
> also, a ddos client isnt hacked, its more of a trojan
> ----- Original Message -----
> From: "Armin Baldemair @ ARMIXnetworks.com"
> <armin.baldemair@xxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Saturday, November 30, 2002 7:28 AM
> Subject: [cobalt-security] hacked - please help! - my server scans port 53
> on serval nets
>
>
> > hi,
> >
> > two days ago i got some mails that my server scans serveral networks for
> > dns-port 53.
> > i saw in the apache-log that there are attacks aginst iis in the same
> time.
> > so i think anybody hacked me..
> >
> > i read in the list that there are hacks called "trinity ddos" which uses
> > port 53 to communicate?
> > knows anybody help for me? i don't want to reinstall the server because
> > there are many customers of my company on this and the server is housed
in
> > germany.
> > im running a raq3 with the software of raq4.
> >
> > should i update my os-sftware? (the last time i did the server crashed
and
> i
> > had to reinstall it, so in only installed "RaQ4-All-Security Release
> > 1.0.1-8762".)
> >
> > thanks for any help!
> >
> > armin baldemair
> > armin.baldemair@xxxxxxxxxxxxxxxxx
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.423 / Virus Database: 238 - Release Date: 25.11.2002
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.423 / Virus Database: 238 - Release Date: 25.11.2002

Follow-Ups:
- Re: [cobalt-security] how to config ipchains?
  - From: Gerald Waugh

References:
- [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
  - From: Armin Baldemair @ ARMIXnetworks.com
- Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
  - From: Dave

Prev by Date: Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
Next by Date: RE: [cobalt-security] Installation and use of chkrootkit by Steve Young
Previous by thread: Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
Next by thread: Re: [cobalt-security] how to config ipchains?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index