SLUG Mailing List Archives
Re: [SLUG] [OT] Someone trying to hack me (better solution)
- To: <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] [OT] Someone trying to hack me (better solution)
- From: Jeffrey Borg <jeffrey@xxxxxxxxx>
- Date: Wed Sep 19 10:16:01 2001
If you want to kill this new worm on the head (instead of many http
requests stop it after the 1st it's very simple and a bit insecure)
either use a firewalling tool or plain old route!
firstly chmod +s your tool (this is insecure I know but then the webserver
user can do the dirty work of blocking hosts in real time!)
then say for iptables get a script called /scripts/root.exe to execute (in
whatever your language is)
/sbin/iptables -I INPUT -s (SOURCE IP) -j DROP
/sbin/route add -host (SOURCE IP) dev lo
and no more requests from that machine at all.
On Wed, 19 Sep 2001, Graeme Robinson wrote:
> the solution is to install linux and setup a firewall-gateway. Forget
> trying to secure your win98 box.
> At 06:41 AM 19/09/2001 +1000, gnudev@xxxxxxxxxxxxxx wrote:
> >Hi sluggers,
> >I am convinced someone is trying to hack me, or crack rather. I am sitting
> >on a dialup connection, and there's strange traffic happening. Even when I'm
> >not FTP'ing or anything, I see I have sent out like half a megabyte or
> >Is this unusual???
> >I am using Windows 98 SE on this particular connection.
> >Is there a packet sniffer for Windows that I can sit on the connection to
> >inspect all incoming and outgoing traffic, and get the IP address of the
> >other side, etc?
> >What is the best firewall that I can install for Windoze 98?
> >Thanks heaps.
> >SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> >More Info: http://lists.slug.org.au/listinfo/slug
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug