From: Robin Schilham
Date: Sun, 20 Oct 2002 22:24:24 +0200
To: Kent Stewart
Cc: Bryan Cassidy, freebsd-questions
Subject: Re: Security! Please help newbie
Message-ID: <3DB310F8.2030605@xs4all.nl>
References: <20021020125909.1acd7e7c.bryanc2000@insightbb.com> <3DB30EE6.8020909@owt.com>

Kent Stewart wrote:
> Bryan Cassidy wrote:
>
>> Here's the deal. Two days ago I was hacked. I know this for a fact. The
>> guy was using my IP address in a Counter Strike game a friend of mine
>> told me. He said he made sure he had the IP address of the person. I
>> went online on IRC and when I got there he told me about what
>> happened. The guy tried a DoS attack on my friend. I was also banned
>> from a couple IRC Channels (I can get back in now). I couldn't connect 2
>> days ago for NOTHING. He was completely using all my bandwidth. We are
>> in the process of finding out who this guy was to prosecute.
>> I don't know what he used my IP address for and I don't think this is a
>> game. I reinstalled FreeBSD yesterday sometime. We went through a
>> couple security setups. I don't know anything about security. I will
>> explain what I did. I added the following into my kernel config
>>
>> # Firewall
>> options IPFIREWALL
>> options IPFIREWALL_VERBOSE
>> options IPFIREWALL_VERBOSE_LIMIT=10
>>
>> I also added the following to my /etc/rc.conf file
>>
>> firewall_enable="YES"
>> firewall_quiet="YES"
>> firewall_script="/etc/rc.firewall"
>> firewall_type="/etc/ipfw.acl"
>
> The type is supposed to be open, close, simple, and etc. It depends on
> which type you are using in rc.firewall. Look for [Ss][Ii] and etc.

According to the comments in /etc/rc.firewall, firewall_type can also be a file name. Anyway, it might be better to start with one of the example rule sets in /etc/rc.firewall and adapt them to your needs.

> Kent
>
>> I then added the following to /etc/ipfw.acl
>>
>> add 1000 allow ip from any to any
>>
>> I have a few days off so I am going to be using these days for setting
>> up security and learning security. If someone out there would please
>> help me out with making sure my box is locked down tight I would
>> really appreciate it. I find it very childish and even scary knowing
>> someone has used my computer and not knowing everything he used it
>> for. Thank You and I hope to get some replies real quick to resolve
>> this matter as soon as possible.
>>
>> --------------------------------------------------------------------------
>>
>> E-Mail: Bryan Cassidy
>> GAIM: bsdsys
>> Yahoo Messenger: bsdsys
>>
>> I have put a lot of time in setting up my mail filters. Please do not
>> simply Reply-To: unless said so. Please
>> Reply-To the appropriate mailing list. This is very annoying for me.
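The single rule quoted in this thread, `add 1000 allow ip from any to any`, passes every packet in both directions, so the firewall is enabled but filters nothing. As an added illustration (not part of the original messages and not taken from /etc/rc.firewall), here is a stateful rule file for the same /etc/ipfw.acl, assuming a single host that makes outbound connections and offers no services to the network; the rule numbers and the ICMP policy are choices made for this example.

```conf
# /etc/ipfw.acl, loaded by rc.firewall because firewall_type names this file.
# Added example; assumes a standalone workstation with no inbound services.

# Weak form from the thread, kept only as a comment for comparison:
#   add 1000 allow ip from any to any

# Loopback traffic is allowed; loopback addresses on other interfaces are spoofed.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Match packets that belong to connections this host already opened.
add 1000 check-state

# Outbound TCP connections and UDP queries create dynamic state for replies.
add 1100 allow tcp from me to any setup keep-state
add 1200 allow udp from me to any keep-state

# Outbound ping, plus inbound echo replies, unreachables and time-exceeded.
add 1300 allow icmp from me to any icmptypes 8
add 1310 allow icmp from any to me icmptypes 0,3,11

# Everything else is dropped and logged (logging needs IPFIREWALL_VERBOSE,
# and IPFIREWALL_VERBOSE_LIMIT=10 caps the log entries per rule).
add 65000 deny log ip from any to any
```

After loading, `ipfw show` lists each rule with its packet counters, which shows whether unsolicited inbound traffic is reaching the final deny rule.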