[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
Sindi Keesan
keesan at grex.cyberspace.org
Sat Jan 27 18:16:00 MSK 2007
On Sat, 27 Jan 2007, Neil Youngman wrote:
>> On Fri, Jan 26, 2007 at 01:18:56PM -0500, Sindi Keesan wrote:
>>> I thought they went after broadband. And Windows. How exactly would
>>> they attack a linux machine using dialup internet, without me noticing?
>
> They would attack a dialup machine in exactly the same way they would attack a
> broadband machine. How would they know your machine was on dialup? It's just
> another IP address to them.
Okay. A friend said they could sniff my packets for my login and
password. But how would they put any files onto my machine? I am not
running lpd, telnetd, ftpd or even httpd. Can they transfer files when I
simply run pppd and ssh or lynx?
> Being on Linux is no guarantee either. There are enough Linux servers out
> there with a lot of bandwidth to be valuable targets and the programs that go
> scanning for vulnerable machines neither know, nor care, that yours is a puny
> little 200 MHz machine on dialup.
>
> How would they attack without you noticing? Well, how would you notice? Are
> you even looking?
>
> Do you monitor the logs? Do you run chkrootkit regularly? Do you monitor
> portscans?
/var/log/ shows which packages were installed, not portscan info.
We do not have chkrootkit.
I found a Wiki-type entry about portscan, a series of probes sent to one
or more ports of a target system looking for information. Most linux
distributions don't include the tools to monitor them. (Not just ours).
We have an nmap add-on for scanning hosts on the network and determining
which services they are running. Downloaded it. No documentation.
101 pages of man page online. I don't understand much of it.
nmap -A -T4 127.0.0.1 (localhost)
All 1663 scanned ports are closed.
I found lists of open ports at my two shell account providers.
I will ask on our list for instructions.
> Neil Youngman
Sindi Keesan