[TriLUG] iptables/ipchains (WAS: Security woes)
Vestal, Roy L.
rvestal at rti.org
Fri Jan 18 08:55:28 EST 2002
Okey, here's my "DOH!!"
telnet server, wu-ftp server, and openssh server were not installed! DOH!.
I've installed the stock ones from RHL 7.2. I am a newbie in the server
arena (setup wise), and I've learned the "stock" box isn't best. But I'm not
sure how to start these, since I am used to inetd and 7.2 uses xinetd.
So the server packages are now installed. Now what?
-----Original Message-----
From: Lisa Lorenzin [mailto:lorenzin at 1000plus.com]
Sent: Thursday, January 17, 2002 5:20 PM
To: Vestal, Roy L.
Subject: RE: [TriLUG] iptables/ipchains (WAS: Security woes)
hi roy,
just a quick check - are you sure that the telnet, ftp, and vnc are
running on the box, and accepting outside connections? is it possible
that your daemons aren't running / listening?
does ps -ef | grep telnet show your telnet daemon running? does netstat
-an show your box listening on port 23? is there anything in your
/etc/hosts.allow or hosts.deny?
can you get ANYTHING in to the box? web connections? ssh?
(sorry for the no-brainer questions, but i usually try to start at the
very beginning when troubleshooting this kind of thing.)
have you tried using tcpdump to see whether your box is receiving any
traffic requests? run
tcpdump -i eth0 -v > /tmp/tcpdump.output
and then try to telnet to the box from another system, and then wait a
couple minutes minutes (it takes a while for tcpdump to write out all its
data), then kill tcpdump and grep/eyeball the output file for the ip
address of the other box.
also, after you attempt to telnet in, go into /var/log and grep * <ip
address of other box> to see if anything shows up in there.
if these are way too obvious and you've already gone through all this, i'm
sorry for cluttering your inbox...
lisa
--
lisa lorenzin | lorenzin at 1000plus.com |
http://www.1000plus.com/lisa/
# find / -user your -name base -print0 | xargs -0 chown us
More information about the TriLUG
mailing list