Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 Dec 1998 16:36:54 +0000
From:      Karl Pielorz <kpielorz@tdx.co.uk>
To:        Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>
Cc:        questions@FreeBSD.ORG
Subject:   Re: udp security
Message-ID:  <367D27A6.2EB3082A@tdx.co.uk>
References:  <Pine.BSF.3.96.981220102303.28050A-100000@servidor.exsocom.com.mx>

next in thread | previous in thread | raw e-mail | index | archive | help

Alejandro Galindo Chairez AGALINDO wrote:

> i need help, i need to know how to protect my servers, but the most
> important in my mind is to know how they are accessing the servers, i
> buyed the Firewalls book from Oreally & associates and i was using the
> firewall with ipfw, but this dont stop the hackers.
> 
> thanks for your help

This isn't really FreeBSD related... Do you know for 100% that you have
removed the hackers, and all their equipment from your compromised system?
It's not uncommon for hackers once they have a connection to leave numerous
back doors in the system - so they can get in again...

Even your firewall won't help with that... The only way you can be 100% sure
you have got rid of them is probably to either reinstall the machine, or break
out the backups form a time you are _certain_ you weren't hacked...

Once you have the new machine up, follow all the security guidelines (i.e. use
a firewall like your doing, make sure the machine only runs the services you
need - e.g. disable everything you don't need from inetd etc.)

Only then will you stand a chance of keeping them out...

As for attacks via UDP - this is certainly possible, though I've not seen any
exploits for FreeBSD and UDP for as long as I can remember... :)

-Kp

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?367D27A6.2EB3082A>