Home page logo
/

basics logo Security Basics mailing list archives

Re: under attack
From: Security Zone <seczone () i-nfinity com>
Date: Tue, 16 Mar 2004 19:46:19 +0100

On Mon, 2004-03-15 at 18:35, Jorge Garcia wrote:
i discovered in my redhat server a openssh port open in port 1945 or somethin like that.
now i filter the port with iptables but i want to do more.
how can i close the port??

It depends on what starts it. As for me, i'd suggest you to check
xinetd.

how can i get info about who did this and which program or prosses is using this port?
how can i get any inpho about the attacker??

Try and see log files! First of all /var/log/messages, then the logs
produced by sshd, and so on. I do not know so much iptables, i prefere
PF under openbsd... but i suppose that iptables supports log files! at
the very least, you'd know something about the IP...

thanx


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]