Message-ID: <3DB30EE6.8020909@owt.com>
Date: Sun, 20 Oct 2002 13:15:34 -0700
From: Kent Stewart
To: Bryan Cassidy
Cc: freebsd-questions
Subject: Re: Security! Please help newbie
References: <20021020125909.1acd7e7c.bryanc2000@insightbb.com>

Bryan Cassidy wrote:
> Here's the deal. Two days ago I was hacked. I know this for a fact. The
> guy was using my IP address in a Counter Strike game a friend of mine
> told me. He said he made sure he had the IP address of the person. I
> went online on IRC and when I got there he told me about what
> happened. The guy tried a DoS attack on my friend. I was also banned
> from a couple IRC Channels (I can get back in now) I couldn't connect 2
> days ago for NOTHING. He was completely using all my bandwidth. We are
> in the process of finding out who this guy was to prosecute. I don't
> know what he used my IP address for and I don't think this is a
> game. I reinstalled FreeBSD yesterday sometime.
> We went through a couple security setups. I don't know anything about
> security. I will explain what I did. I added the following into my
> kernel config
>
> # Firewall
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> I also added the following to my /etc/rc.conf file
>
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/ipfw.acl"

The type is supposed to be open, close, simple, and etc. It depends on
which type you are using in rc.firewall. Look for [Ss][Ii] and etc.

Kent

>
> I then added the following to /etc/ipfw.acl
>
> add 1000 allow ip from any to any
>
> I have a few days off so I am going to be using these days for setting
> up security and learning security. If someone out there would please
> help me out with making sure my box is locked down tight I would
> really appreciate it. I find it very childish and even scary knowing
> someone has used my computer and not knowing everything he used it
> for. Thank You and I hope to get some replies real quick to resolve
> this matter as soon as possible.
>
> --------------------------------------------------------------------------
> E-Mail: Bryan Cassidy
> GAIM: bsdsys
> Yahoo Messenger: bsdsys
>
> I have put a lot of time in setting up my mail filters. Please do not
> simply Reply-To: unless said so. Please
> Reply-To the appropriate mailing list. This is very annoying for me.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

--
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html
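
Added example, not part of either message above: the single rule in the quoted /etc/ipfw.acl accepts every packet, so the firewall is enabled but filters nothing. The constructed rule file below shows a stateful, default-deny alternative in the same rule-file form; it assumes a single host with no inbound services, and the rule numbers and the commented-out SSH rule with its placeholder address are assumptions.

```conf
# As posted in the quoted message: rule 1000 matches every packet, so
# nothing is filtered even though the firewall is enabled.
#   add 1000 allow ip from any to any

# Constructed replacement: stateful, default deny. Assumes one host with
# no inbound services.

# Loopback traffic stays on lo0; loopback addresses seen on any other
# interface are spoofed and are dropped.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Packets that belong to a connection this host opened match a dynamic
# rule here and are accepted.
add 1000 check-state

# Outbound connections create the dynamic rules that admit their replies.
add 1100 allow tcp from me to any setup keep-state
add 1200 allow udp from me to any keep-state

# ICMP: outbound echo request; inbound echo reply, destination
# unreachable and time exceeded.
add 1300 allow icmp from me to any icmptypes 8
add 1400 allow icmp from any to me icmptypes 0,3,11

# Optional inbound SSH from one admin host (192.0.2.10 is a placeholder
# documentation address, not a value from the thread).
# add 1500 allow tcp from 192.0.2.10 to me 22 setup keep-state

# Everything else is dropped and logged. With IPFIREWALL_VERBOSE_LIMIT=10
# in the kernel config, each logging rule stops logging after 10 matches.
add 65000 deny log ip from any to any
```

Load a default-deny set from the console rather than over the network, since a mistake in it cuts off remote sessions. Afterwards `ipfw show` lists the per-rule packet counters, which shows what rule 65000 is catching.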