> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Rick Rosinski
> Sent: Wednesday, March 07, 2001 6:07 PM
> To: PLUG
> Subject: I'm being hacked!
>
> I really need help!!!
>
> A buddy of mine knows a couple of hackers who have done sh*t to his system
> without informing him. They acquired all of his information from his laptop
> and his WebTV. He was paranoid about what they might do to his information
> (c cards, social, etc). I told him enough to scare him into talking to those
> hackers. They confessed, and they told him what they did, and what they are
> capable of. But, what scared me the most is what he said they did to me
> without me knowing. They told him about what I do with Linux based on my
> command prompt history. My buddy wasn't messing with my head, because
> before they told him that, he didn't know what a command prompt was. This
> guy accessed my system through my ppp connection with Inficad, even through
> the random ip addresses that they send.
>
> The point to all of this is: I want to find out how to stop this from
> happening. I have a few ideas of my own, and I have lots of questions.
>
> Besides setting up a firewall, what other security measures should I consider
> implementing?
>
> What will it take to keep this guy out of my system? What is he capable of
> doing besides knowing my command history in my term windows. Would it be
> effective if I set up a user for myself (I am always root) to keep him out?
> I am not on a LAN, just ppp to inficad, and I don't know if being root is
> dangerous or not.
>
> If it helps...
> I use Slackware 7.1 (I modified it to incorporate kernel 2.4.1), and I use
> dial-up internet pppd with kppp - and the ISP assigns random ip addresses.
> I don't have a firewall set up yet, and I am working on getting that up (I am
> reading the howto now).
>
> Thanks!!!
>
> --

5. Rusty's Really Quick Guide To Packet Filtering

Most people just have a single PPP connection to the Internet, and don't want
anyone coming back into their network, or the firewall:

    ## Insert connection-tracking modules (not needed if built into kernel).
    # insmod ip_conntrack
    # insmod ip_conntrack_ftp

    ## Create chain which blocks new connections, except if coming from inside.
    # iptables -N block
    # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
    # iptables -A block -j DROP

    ## Jump to that chain from INPUT and FORWARD chains.
    # iptables -A INPUT -j block
    # iptables -A FORWARD -j block

The above is all you need. If you want to read more...

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|
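
An added example, not part of the original message or of the guide it quotes: a small shell check that reads a ruleset in `iptables -S` format and confirms the "block" chain above is in place and still drops new connections arriving on ppp0. The function name, the `WAN_IF` variable and both sample dumps are constructed for illustration; the check accepts the `-i ! ppp0` spelling used above as well as the `! -i ppp0` form that current iptables prints.

```shell
#!/bin/sh
# Added example: audit an `iptables -S` dump against the guide's "block" chain.
WAN_IF="${WAN_IF:-ppp0}"   # Internet-facing interface, ppp0 as in the guide
EST='--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$'

# audit_block_chain RULESET: prints findings, returns the number of problems.
audit_block_chain() {
    rules=$1; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # Both built-in chains must hand every packet to the block chain.
    for chain in INPUT FORWARD; do
        printf '%s\n' "$rules" | grep -qx -- "-A $chain -j block" \
            || fail "$chain does not jump to block"
    done
    block_rules=$(printf '%s\n' "$rules" | grep -- '^-A block ' || true)
    # Replies to connections opened from this machine must get back in.
    printf '%s\n' "$block_rules" | grep -Eq -- "$EST" \
        || fail "no ESTABLISHED,RELATED accept rule"
    # Every other ACCEPT must exclude the WAN interface; otherwise new
    # connections from the Internet are let through.
    open=$(printf '%s\n' "$block_rules" | grep -- '-j ACCEPT$' \
        | grep -Ev -- "$EST" \
        | grep -Ev -- "(! -i|-i !) $WAN_IF( |\$)" || true)
    [ -z "$open" ] || fail "ACCEPT reachable from $WAN_IF: $open"
    # Whatever was not accepted above must hit an unconditional DROP.
    last=$(printf '%s\n' "$block_rules" | tail -n 1)
    [ "$last" = "-A block -j DROP" ] || fail "block does not end with DROP"
    [ "$problems" -eq 0 ] && echo "OK: new connections from $WAN_IF are dropped"
    return "$problems"
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_GOOD='-P INPUT ACCEPT
-N block
-A INPUT -j block
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i ppp0 -m state --state NEW -j ACCEPT
-A block -j DROP'
# Same ruleset with the interface test lost from the NEW rule.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/ ! -i ppp0//')

audit_block_chain "$SAMPLE_GOOD"
audit_block_chain "$SAMPLE_BAD" || echo "problems found: $?"
```

On a live machine the same function can be fed the running ruleset with `audit_block_chain "$(iptables -S)"`, run as root.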