intrusion detected

J.Markoll j.markoll at free.fr
Mon Aug 8 10:06:21 UTC 2005


Matt Patterson wrote:
> Hey Brian,
> I don't know a whole lot about the hardening stuff, I simply run minimal 
> services, mostly on incorrect ports, maintain good passwords, and keep 
> up to date. For the majority of us I think that is good for the 5 nines 
> (99.999%) of hackers.

> As for your plans of hitting them back, don't bother, you would just be 
> hitting some poor unsuspecting sap who already has the problem of a 
> computer that is operating way too slowly with three million pop ads. 
> Most of the break-in attempts you receive will be from zombie machines 
> doing automated scans of IP space.

> Your best approach is to locate the root domain or ISP and send a quick 
> email with logs reporting that the computer has been compromised. The 
> ISP will pull them from the net, and the owner will be notified.

> Matt

Hello,
How can one person check/come to know if her machine is zombified?
Can it happen on a machine installed with Ubuntu?
Is it most likely possible on machines connected to large band, or is
it equally possible for narrow bands?
For the rest: I found out no open port opened (save to connect the net)
after Hoary install (a scan from the outside). Warty: a few were left. 
On two other Linux distributions precedingly, the range was from 5 to 
9. I had to start learning how to close them. Not fun for a newbie :))
I use lokkit as a firewall and chkrootkit once a while. (So easy)
I notice that time used in purchasing intruders is a waste. If and the 
day I'll need to reinstall, it takes 15 minutes. (Plus backups if 
necessary). Considering all, the time spent under Windows for security
I saved, and used to learn a few command lines and diverse, and continue.
One more question: the spams contain attached files full of garbage.
The specialists, in their docs, advise to keep them 'preciously' in the 
garbage folder. Of what use is it to keep them? Is there a collect of 
them once a while somewhere? (naïve, but very newbie-like question lol)
J.Markoll.

