Re: IPChains rule.

Hi David,

Thanks for the answer.

> Did you check /var/log/messages, if not do a "less /var/log/messages"
> and look for syslog messages close to that time where the reboot
> happened. Also check /var/log/secure and /var/log/xferlog for clues
> of intrusion attempts.

Yes, I've checked all files in /var/log and not a clue. My xferlog is
/usr/local/etc/proftpd.xferlog and is also absolutely normal. Proftpd has
only one user and this user can access only from my home IP.

> This line =>
> > -A input -p tcp -i eth0 -s myHome -d 0/0 22 -l -j ACCEPT
> generates this one =>
> > ACCEPT  tcp   ----l-    myHome   0.0.0.0/0             * ->   22
>
> it says allow any to ssh to myHome

I think it's from myHome, isn't it?

> this one says
> > ACCEPT  udp  ------   my2NS    0.0.0.0/0             53 ->   *
> allow DNS to talk to my computer using UDP from their port 53

The my2NS is out of my network and it accesses my network to get zone
information.

[...snip...]

> > Do I have to worry? Does anybody know what this is?
>
> If that is all you have for an ipchains script, then yes, worry.

No, I wrote only the first rule for reference. I was worried about the DNS.
My ipchains file is bigger than that.

> Go to freshmeat.net or Google and search for an ipchains or
> better yet, use iptables.
>
> Installing AIDE or Tripwire (and using it) is a good way
> to find out if your computer has been compromised.
>

I have downloaded a wonderful book, "Securing and Optimizing RedHat Linux".
I don't remember the author's name. He wrote a new version talking about
iptables and I'll buy it when I finish the one I'm reading now.

Thanks again,

Bruno.
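
The two listing lines quoted in this message, read column by column, as an added example that is not part of the original e-mail. It assumes the `ipchains -L -n` column order target, protocol, options, source, destination, source port -> destination port; the function names are hypothetical and the third sample line is constructed.

```python
from typing import List, NamedTuple, Optional, Tuple

ANY_ADDR = {"0.0.0.0/0", "anywhere"}  # how a listing shows "any address"

class Rule(NamedTuple):
    target: str
    prot: str
    opt: str
    source: str
    dest: str
    sport: str
    dport: str

def parse_rule(line: str) -> Optional[Rule]:
    """Parse one tcp/udp rule line; return None for headers and other text."""
    tok = line.split()
    if len(tok) == 8 and tok[6] == "->":
        return Rule(tok[0], tok[1], tok[2], tok[3], tok[4], tok[5], tok[7])
    return None

def describe(rule: Rule) -> str:
    """Render a rule as 'from <source> to <destination>' with its ports."""
    def port(p: str) -> str:
        return "any port" if p == "*" else f"port {p}"
    text = (f"{rule.target} {rule.prot} from {rule.source} ({port(rule.sport)}) "
            f"to {rule.dest} ({port(rule.dport)})")
    # An 'l' in the options column means the rule was added with -l (log).
    return text + (" [logged]" if "l" in rule.opt else "")

def open_to_any_source(rule: Rule) -> bool:
    """True when an ACCEPT rule does not restrict the source address."""
    return rule.target == "ACCEPT" and rule.source in ANY_ADDR

def review(listing: str) -> List[Tuple[str, bool]]:
    """Return (description, open_to_any_source) for every rule line."""
    rules = (parse_rule(l) for l in listing.splitlines())
    return [(describe(r), open_to_any_source(r)) for r in rules if r]

# First two rule lines are the ones quoted in the message; the last is constructed.
SAMPLE = """\
Chain input (policy DENY):
target  prot  opt     source     destination   ports
ACCEPT  tcp   ----l-    myHome   0.0.0.0/0             * ->   22
ACCEPT  udp  ------   my2NS    0.0.0.0/0             53 ->   *
ACCEPT  tcp  ------   0.0.0.0/0  0.0.0.0/0           * ->   21
"""

if __name__ == "__main__":
    for text, wide_open in review(SAMPLE):
        print(("REVIEW  " if wide_open else "ok      ") + text)
```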
