I you feel you've been hacked then restoring is the best thing. There may be backdoors on the "potentially" hacked system or the system could be used for other malicious purposes. On Mon, 28 Oct 2002, Philip Ching (605.734.71) wrote: > > > Hi Duane, Bram, and Will: > > Thank you all for your responses to my email. > > It was indeed my syntax error. It works now! > > I changed to "All: 192.168.14." in /etc/hosts.allow > so that all PCs on my private LAN can telnet to it. > > Yes, I am on a private LAN. But I strongly suspect that > I have been hacked. > > I am always using my notebook/RH7.2 to dial-in to the > school and connect to the Internet. > > However, this morning I cannot boot my notebook. I cannot > event get into "linux single" mode. Currently I am in > "linux emergency" mode. I don't know why this has happened. > The only thing I noticed (from /var/log/messages) is that > there are three foreign IP addresses that had connected > to the system via Annonymous ftp last night (while I was > logining in to the school's UNIX system). > > Though in a panic, I remember the TCP_Wrapper mechanism. > Hopefully what I have setup now can keep those jerks out. > > By the way: Is it reasonablly doable to recover my system? > > Thanks again! > > Philip > > > > On Mon, 28 Oct 2002, Duane Dunston wrote: > > > > > Hey, > > > > For that service in /etc/hosts.allow it would go like this: > > > > in.telnetd : 192.168.14.154 > > > > Also be sure that telnet is uncommented in /etc/inetd.conf and that it is > > running. I have compiled OpenSSH on rh6 and 6.2. Probably want to get in > > the habit of using that even though you are probably on a private network. > > > > On Mon, 28 Oct 2002, Philip Ching (605.734.71) wrote: > > > > > > > > > > > Hi, > > > > > > I have server: RH6.2/192.168.14.157 and > > > client: RH6.0/192.168.14.154 > > > > > > I setup in the server: /etc/hosts.allow > > > 192.168.14.154 > > > > > > and in /etc/hosts.deny > > > All: All > > > > > > But I cannot do telnet from client (192.168.14.154) to the > > > server. It says "Connection closed by foreign host" > > > > > > Why is that? I just follow the book which describes the > > > TCP_Wrapper as parse the /etc/hosts.allow first. If there > > > is a match then let it in. Otherwise the TCP_Wrapper will > > > check the line in /etc/hosts.deny to make a decision. > > > > > > What did I do wrong? Can some one help me? > > > > > > Thank you! > > > > > > Philip Ching > > > > > > > > > ------------------------------------------------------------------------ > > > To unsubscribe email security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > > > > > > > -- > > duane > > > > 'People demand freedom of speech to make up for the freedom of thought > > which they avoid.' > > - Kierkegaard > > > > http://www.linuxsecurity.com/feature_stories/feature_story-116.html > > http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html -- Updated Version > > http://www.linuxsecurity.com/feature_stories/feature_story-89.html > > http://www.linuxsecurity.com/feature_stories/feature_story-88.html > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > -- duane 'People demand freedom of speech to make up for the freedom of thought which they avoid.' - Kierkegaard http://www.linuxsecurity.com/feature_stories/feature_story-116.html http://www.linuxsecurity.com/feature_stories/dsniff-monitoring.html -- Updated Version http://www.linuxsecurity.com/feature_stories/feature_story-89.html http://www.linuxsecurity.com/feature_stories/feature_story-88.html ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
