Gentoo Archives: gentoo-user

From: Michael Sullivan <michael@××××××××××××.com>
To: gentoo-user <gentoo-user@l.g.o>
Subject: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
Date: Thu, 22 Feb 2007 16:51:30
1 I have logsentry installed on my system which sends me hourly reports
2 about possible hack attempts on my three boxes. I use ipkungfu for my
3 firewall. I've stuck with the default configuration for ipkungfu,
4 except for listing each of my machines in my LAN in the
5 accepted_hosts.conf file. I also set ipkungfu to drop all offensive
6 packets (not sure if that's the default or not.) Whenever I see someone
7 trying the break in in the logsentry reports, I add their IP to the
8 deny_hosts.conf file and restart ipkungfu so that the changes will take
9 effect. I'm wondering why if these offending IPs in deny_hosts.conf are
10 being stopped at the firewall I'm still seeing them fail to authenticate
11 to my FTP and ssh servers? Also, I've always heard that you shouldn't
12 have any ports open on your machine unless you have some server bound to
13 that port because hackers can get in through unbound open ports. Is
14 this true? If so, how does it work? What do they connect to if
15 nothing's running on the port they're trying? I know the concept of a
16 backdoor in a running program, but if no program is running on said port
17 for them to connect to, how do they get in???
18 -Michael Sullivan-
20 --
21 gentoo-user@g.o mailing list