Firewall Wizards mailing list archives
Re: RE: Help. How to stop attacks on gateway/linux host.
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 13 Dec 2004 22:23:15 +0530
On 13/12/04 11:28 +0530, Yesh Sriram wrote: <snip>
For the last 6 months our DSL bills are extremely high. We examined our logs and there is someone using the bandwidth from our host every night. We can turnoff the machine but not sure if this is the right solution.
I recommend getting a good consultant. The Chennai Linux User Group is active, and if you want, I can recommend a few people to help you out.
We have done the following (for the last three months) - Change passwords every 3 days - Run only http, https, ssh - Disable ftp But we still continue to see the nightly breaks into our host machine.
Is this a compromised machine? Or is someone running a cron job from behind this gateway?
We have no Linux expertise except as developers. We checked out firewall software price and it's expensive, and there is no expert support available. Can someone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Lots of expert support available. Not cheap, but good. You just need to look.
suggest a fix for this. Even a policy fix/advice would be helpfull.
You need to figure out the problem first. I suggest a system with a fresh installation, and fully patched and hardened. Then load up ntop on this system and track your top bandwidth abusers. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Help. How to stop attacks on gateway/linux host. Yesh Sriram (Dec 13)
- Re: RE: Help. How to stop attacks on gateway/linux host. Paul D. Robertson (Dec 13)
- Re: RE: Help. How to stop attacks on gateway/linux host. Devdas Bhagat (Dec 13)