intrusion detected

J.Markoll j.markoll at free.fr
Tue Aug 9 09:53:15 UTC 2005


Dick Davies wrote:
> Please bear in mind that nmap and ps are often the first binaries
> changed when hacking a unix server. If you really want to see what
> ports a machine is listening on, run nmap from another host.
Sure.

> On 09/08/05, J.Markoll <j.markoll at free.fr> wrote: 
>>Matt Patterson wrote:
>>>Obviously I do a little more than the average joe with my machine. But
>>>things to look at are, nfsd, apache, smbd, nmbd, sshd, ftpd. If you
>>>haven't installed those but yet they are running, something might be wrong.
> Seriously look into a firewall unless you meant to run NFS - it's very
> hard to secure because of its design. FTPd is ok for anonymous
> access, but in general you don't want to be running that.
Sorry, I am missing something (my English is not perfect): does
"look into a firewall" mean you advise looking at the logs of a firewall, or
just having a firewall installed and configured?

>>And sshd is the SSH Daemon, while ssh-agent is ? what can it be ?
> Man ssh-agent
I see. I don't get it all in the man, but the general idea. Already
present, in case of a LAN for example, to log on another machine.
Also:
------
The idea is that ssh-agent is started in the beginning of an X-session 
or a login session, and all other windows or programs are started as 
clients to the ssh-agent program.
-----

Isn't it insecure to have it running by default, if no other machine
needs to be logged into via ssh? Or is ssh-agent so close to the rest of
the system that it needs to be launched at boot anyway? (to check I
understand what's written in this man page)

>>joyce at papillon:~$ nmap localhost
> Port 783 is Spamassassin.
Ah ok. I installed it recently to try to see the difference with the
Thunderbird spam treatment method.
What way exists to know what port comes for what, generally ?
(Is there one except browsing the web at random ?)

>>Let's go for a 'ps -A', I installed a few unuseful applications these
>>days, to see how it goes :))

>>using them. Maybe I could wonder what application processes are
>>  7970 ?        00:00:00 qmgr
>>  7620 ?        00:00:00 mixer_applet2

> man qmgr - it's part of postfix.
Does the system need postfix ? I think postfix sends me the mail
system... as I didn't configure Debconf, it says.

>>I asked one other question, although it seems almost obvious:
>>is a zombie installed in a machine always a trojan-like program?
Thanks, J.Markoll.
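
One way to answer the "which port belongs to what" question without depending on the local nmap binary, as an added example that is not part of the original thread: read the kernel's listening-socket table (the /proc/net/tcp format) and name each port from an /etc/services-style table. The sample data is constructed, the function names are hypothetical, and a little-endian host is assumed; a scan from another host, as advised above, remains the independent check.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (st 0A = LISTEN, 01 = ESTABLISHED).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:030F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5121
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 5122
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 5123
"""

# Constructed excerpt in /etc/services format: name port/proto [aliases] [# comment]
SAMPLE_SERVICES = """\
ssh     22/tcp          # SSH Remote Login Protocol
spamd   783/tcp         # SpamAssassin daemon
"""

def parse_services(text):
    """Map (port, proto) -> service name from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 2 and "/" in fields[1]:
            port, _, proto = fields[1].partition("/")
            if port.isdigit():
                table.setdefault((int(port), proto), fields[0])
    return table

def listening_sockets(proc_text):
    """Return (ip, port) pairs in LISTEN state, sorted by port."""
    found = set()
    for line in proc_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            hex_ip, hex_port = fields[1].split(":")
            # Assumption: little-endian host (x86), so address bytes are reversed.
            ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
            found.add((ip, int(hex_port, 16)))
    return sorted(found, key=lambda s: (s[1], s[0]))

def report(proc_text, services_text):
    """List (ip, port, service, reachable_from_network) for each listener."""
    names = parse_services(services_text)
    return [(ip, port, names.get((port, "tcp"), "unknown"), not ip.startswith("127."))
            for ip, port in listening_sockets(proc_text)]

if __name__ == "__main__":
    for ip, port, name, exposed in report(SAMPLE_PROC_NET_TCP, SAMPLE_SERVICES):
        print(f"{ip}:{port:<6} {name:<8} {'network-reachable' if exposed else 'loopback only'}")
```

On a live Linux system the same functions can be fed the contents of /proc/net/tcp and /etc/services; a listener that is network-reachable and reported as "unknown" is the one to look up first.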

