Got hacked?

Bryan O'Neal BONeal at cornerstonehome.com
Fri Feb 23 19:18:10 MST 2007 

My next question is, I think I have my stuff fairly well locked down,
but how do I know?  I think I have a nice crunchy outer coating, with a
few sweet pieces of usability.  It is not as hard as say, unplugging the
computer and tossing it in a locked room, but still hard enough I think.
My internal network is pretty standard, different antivirus/antispyware
apps running on different machines, firewalls all turned on, etc.  So my
question is, any burgeoning network security wiz's out their want to put
up the public service of checking a few of our systems out and telling
us what we need to fix?  After all I am an accountant, what do I know of
network security?

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Jim
Sent: Friday, February 23, 2007 1:49 PM
To: Main PLUG discussion list
Subject: Re: Got hacked?

Carlos Macedo Gomes wrote:

SNIP

> Let me know if I can help out.

Thanks to you and everyone else for the advice.  I was curious as to 
what the hacker had done,  but ended up reinstalling.  Overnight I used 
my windows box to download the dvd iso file for Slackware 11.0 and used 
it to nuke the old installation.  Once that was done I took the config 
files from the old installation I had backed up and restored them.

Jon Hanson said:

> If you have a home network, consider plugging your DSL modem directly
> into one PC and using that as a firewall machine. Yes, you can also
use
> it as a desktop if you need.

My DSL modem does NAT and port forwarding.  I removed port forwarding 
for port 22.

> Is there a compelling reason you need password authentication for ssh?
> It's very easy to generate public keys and use those. You can even
keep
> one on a thumb drive to use if you have to. Then turn OFF password
> authentication (PasswordAuthentication no) in your sshd_config.

I tried to get this working on my windows box, but haven't been able to 
yet.  I changed sshd_config so that sshd listens only on the IP address 
of the nic that's connected only to the windows box.

Hopefully this will make things a bit more difficult for them.
-- 


"That income tax you know it's nothing more than legal robbery"
Sidney "Pa" Larkin
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list