Your best bet is to setup ipchains to only allow connections into your machine that you want (ie. ssh, http, etc) You should also keep up with your distro's errata and update any packages they release new packages for. Damon On Thu, 2002-11-07 at 15:05, S. Khademi wrote: > Dear Damon. > Thanks for your help I found rpc.statd proccess and I killed it, but for > future what must we do for securing my system. > Thanks. > soheila > > On 7 Nov 2002, Damon Brinkley wrote: > > > You need to find out what process is listening on that port and stop > > it. Otherwise setup Iptables to block connections to that port. > > > > Damon > > > > On Thu, 2002-11-07 at 14:50, S. Khademi wrote: > > > Dear friend. > > > > > > Recently one of my server attack by a person, he make a direstory in my > > > /dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap > > > command and I see: > > > > > > Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) > > > Interesting ports on cisgate.iut.ac.ir (213.29.206.17): > > > (The 1531 ports scanned but not shown below are in state: closed) > > > Port State Service > > > 22/tcp open ssh > > > 25/tcp open smtp > > > 80/tcp open http > > > 111/tcp open sunrpc > > > 443/tcp open https > > > 515/tcp open printer > > > 993/tcp open imaps > > > 995/tcp open pop3s > > > 3128/tcp open squid-http > > > 6000/tcp open X11 > > > 32774/tcp open sometimes-rpc11 > > > > > > I don't know anything about sometimes-rpc11 port, and I don't know about > > > this, How I can close this port, and what I must do for keep my server > > > from attacking??? > > > And I want know how he attack my server. > > > Ps. My OS is linux redhat 7.2 > > > By regards khademi > > > > > > -- > > > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > Soheila Khademi > > > e-mail: khademy@yahoo.com > > > soheila@maniac.sdc.uwo.ca > > > Network Admin khademi@cc.iut.ac.ir > > > Network Services > > > Center For Information Services (CIS) http://www.iut.ac.ir > > > Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45 > > > Isfahan, IRAN Fax: 98 311 3915805 > > > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > To unsubscribe email security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > > > > > > > > > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > -- > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > Soheila Khademi > e-mail: khademy@yahoo.com > soheila@maniac.sdc.uwo.ca > Network Admin khademi@cc.iut.ac.ir > Network Services > Center For Information Services (CIS) http://www.iut.ac.ir > Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45 > Isfahan, IRAN Fax: 98 311 3915805 > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ > > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
