Hi
The best thing to have done is tighten up what sockets are listening if
you have socklist utility
run # socklist this should show tcp/udp sockets that are listening and
thus open.
Thus any sockets that are listening investigate what there are and why
you need them.
Run some tools like nikto, nessus and nmap and harden your box.
Before you commissioned your squid cache box this lot should have been done.
Thus you will know what services is open to the general populace.
Cheers
Henrik Nordstrom wrote:
lör 2007-02-24 klockan 08:28 +0100 skrev Henrik Nordstrom:
To diagnose after you have made changes somehow stopping the abuse then
checking all logs in detail is the only available, or maybe tcpdump
looking for users still trying to access the service and from that
derive how they gained access in the first place..
One educated guess: Maybe the port dansguardian is listening on is
accessible from the outside.
Regards
Henrik
