Firewall Wizards mailing list archives

Re: RE: Help. How to stop attacks on gateway/linux host.


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 13 Dec 2004 22:23:15 +0530

On 13/12/04 11:28 +0530, Yesh Sriram wrote:
<snip>
> For the last 6 months our DSL bills are extremely high. We examined our
> logs and there is someone using the bandwidth from
> our host every night. We can turn off the machine but not sure if this is
> the right solution.

I recommend getting a good consultant. The Chennai Linux User Group is
active, and if you want, I can recommend a few people to help you out.

> We have done the following (for the last three months)
> - Change passwords every 3 days
> - Run only http, https, ssh
> - Disable ftp
>
> But we still continue to see the nightly breaks into our host machine.

Is this a compromised machine? Or is someone running a cron job from
behind this gateway?

> We have no Linux expertise except as developers.
> We checked out firewall software price and it's expensive, and there is
> no expert support available. Can someone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Lots of expert support available. Not cheap, but good. You just need to
look.

> suggest a fix for this. Even a policy fix/advice would be helpful.

You need to figure out the problem first. I suggest a system with a
fresh installation, and fully patched and hardened. Then load up ntop on
this system and track your top bandwidth abusers.
 
Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

