[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
keesan at grex.cyberspace.org
Sat Jan 27 18:16:00 MSK 2007
On Sat, 27 Jan 2007, Neil Youngman wrote:
>> On Fri, Jan 26, 2007 at 01:18:56PM -0500, Sindi Keesan wrote:
>>> I thought they went after broadband. And Windows. How exactly would
>>> they attack a linux machine using dialup internet, without me noticing?
> They would attack a dialup machine in exactly the same way they would attack a
> broadband machine. How would they know your machine was on dialup? It's just
> another IP address to them.
Okay. A friend said they could sniff my packets for my login and
password. But how would they put any files onto my machine? I am not
running lpd, telnetd, ftpd or even httpd. Can they transfer files when I
simply run pppd and ssh or lynx?
> Being on Linux is no guarantee either. There are enough Linux servers out
> there with a lot of bandwidth to be valuable targets and the programs that go
> scanning for vulnerable machines neither know, nor care, that yours is a puny
> little 200 MHz machine on dialup.
> How would they attack without you noticing? Well, how would you notice? Are
> you even looking?
> Do you monitor the logs? Do you run chkrootkit regularly? Do you monitor
/var/log/ shows which packages were installed not portscan info.
We do not have chrootkit.
I found a Wiki-type entry about portscan, a series of probes sent to one
or more ports of a target system looking for information. Most linux
distributions don't include the tools to monitor them. (Not just ours).
We have an nmap add-on for scanning hosts on the network and determining
which services they are running. Downloaded it. No documentation.
101 pages of man page online. I don't understand much of it.
nmap -A -T4 127.0.0.1 (localhost)
All 1663 scanned ports are closed.
I found lists of open ports at my two shell account providers.
I will ask on our list for instructions.
> Neil Youngman
More information about the TAG