On Sat, 2004-07-17 at 16:26, Craig White wrote:
> - a good hacker would use another system to attack other systems to hide
> the originating IP address.
>
> - a good hacker would never make a feeble attempt such as the one you
> described
>
> - a good hacker would more than likely gain access and remove the log
> entries to cover his tracks. The 2 boxes that I have had hacked were
> done well and not easy to spot.
>

It's quite possible that this is Nessus proxied through another system.
While I log everything to DShield, the priority is protection.
Complaints to RIPE are a waste of time.

> - this message base is not going to provide nearly the breadth necessary
> to cover security issues. If you are responsible for security, you
> probably have to do a lot of reading (I would suggest Linux Hacking
> Exposed), as you will probably want to consider things like tripwire and
> not just iptables rulesets and logging.
>

I suggest that you not make the task too daunting. Start with IPTables
and block everything by default. That is clearly the first step (aside
from a strong password scheme).

> Craig