Security Issue
NoOp
glgxg at sbcglobal.net
Fri Feb 13 00:20:59 UTC 2009
On 02/12/2009 10:11 AM, Walton Hoops wrote:
> I could use some help from the Ubuntu wizards out there.
> I run a home server, using Ubuntu 8.10. It very low traffic, with most of
> the traffic being e-mail. Last night, over the course of an hour it
> recorded roughly 8 GB (4 up and 4 down) of traffic over the course of 2
> hours (monitoring with vnstat) and then dropped back to normal. Looking at
> the logs, the traffic did not come through apache, sendmail,or SSH. Judging
> from the fact that the up/down are equal, I'm guessing I've was used as a
> proxy for something (I don't have a proxy server installed), but I know not
> what. So, I have two questions.
> 1.) Any suggestions on how to further investigate this? At this point I'm
> at a loss.
> 2.) How would you suggest further hardening my security, since it seems it
> was compromised? I use Firestarter to lock down my ports, Fail2Ban to stop
> those pesky SSH brute force attacks, and Snort to keep an eye out for other
> attacks.
> Any input would be appreciated.
> Walton
>
>
Do you mind if I run a portscan (zenmap) against your server? Perhaps it
might reveal something open that shouldn't be. I can drop you the
results off-list, but need your permission to do so first. If OK I'll
send you an email directly with my current IP so that you know who/where
it's coming from.
More information about the ubuntu-users
mailing list