  #3  
1st January 2007, 22:21
lubod
Junior Member
 
Join Date: Dec 2006
Posts: 5

First, thanks for answering and Happy New Year!

Yes, I did set up the server myself, and have rebooted at least once since this started happening. If I recall, it was worse before the reboot: then it seemed to not allow anyone online; now it blocks just one computer, or only a few. My first concern of course is fixing it, but there is a bigger long-term question about security and reliability: since both these seemingly false routes and entries in hosts.deny blocking some of the same addresses like 192.168.31.2 appeared at the same time, is it likely it was hacked? I took all sorts of precautions, like using ssh (never telnet), restricting webmin to only being administered by certain known IP addresses, etc. In fact I've checked the output of last, which shows nothing suspicious, and installed portsentry to guard against attempts at hacking, and I'm almost beginning to think it was one of my precautions that automatically blocked this stuff in an overzealous attempt to protect itself.

Output of ls -la /etc/network/if-up.d

Quote:
$ ls -la /etc/network/if-up.d
total 24
drwxr-xr-x 2 root root 4096 2006-12-21 10:29 .
drwxr-xr-x 6 root root 4096 2006-11-30 17:58 ..
-rwxr-xr-x 1 root root 1386 2006-05-23 03:39 mountnfs
-rwxr-xr-x 1 root root 551 2006-05-28 19:48 ntpdate
-rwxr-xr-x 1 root root 157 2006-05-28 19:48 ntp-server
-rwxr-xr-x 1 root root 1120 2006-06-08 01:22 postfix

I guess your next question is about /etc/network/interfaces, because there is no networking in /etc.

Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo eth1 eth0
iface lo inet loopback

# The primary network interface
iface eth1 inet static
address a.b.c.d
netmask 255.255.255.128
network a.b.c.0
broadcast a.b.c.127
gateway a.b.c.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 209.218.76.2 216.171.129.14 209.218.44.6

iface eth0 inet static
address 192.168.31.1
netmask 255.255.255.0
broadcast 192.168.31.255
network 192.168.31.0
pre-up iptables-restore < /etc/iptables.up.rules
interfaces (END)

Last edited by lubod; 2nd January 2007 at 02:33.
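The check the post is reasoning toward (did portsentry itself write the hosts.deny entries?), as an added example that is not part of the original post: it matches single-address hosts.deny entries against portsentry's block history and marks those inside the eth0 LAN 192.168.31.0/24. The sample file contents are constructed, and the history line layout and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample data, not taken from the post.
HOSTS_DENY = """\
# /etc/hosts.deny
ALL: 192.168.31.2
ALL: 203.0.113.45
sshd: 198.51.100.7
"""
# Assumed layout of portsentry's history file (one line per blocked host).
PORTSENTRY_HISTORY = """\
1167600000 - 12/31/2006 13:20:00 Host: 192.168.31.2/192.168.31.2 Port: 111 TCP Blocked
1167603600 - 12/31/2006 14:20:00 Host: 203.0.113.45/203.0.113.45 Port: 23 TCP Blocked
"""
LAN = ipaddress.ip_network("192.168.31.0/24")  # eth0 network from the post
HISTORY_RE = re.compile(
    r"^\d+ - (\S+ \S+) Host: [^/\s]+/(\S+) Port: (\d+) (TCP|UDP) Blocked")

def parse_hosts_deny(text):
    """Yield (daemons, ip) for every client field that is a plain IPv4 literal."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        # Field after the client list may be a shell command; ignore it.
        for client in rest.split(":")[0].replace(",", " ").split():
            try:
                yield daemons.strip(), ipaddress.ip_address(client)
            except ValueError:
                continue  # hostname, wildcard or network pattern

def parse_history(text):
    """Map each blocked IP to the (timestamp, port, proto) events logged for it."""
    blocked = {}
    for line in text.splitlines():
        m = HISTORY_RE.match(line)
        if m:
            when, ip, port, proto = m.groups()
            blocked.setdefault(ipaddress.ip_address(ip), []).append(
                (when, int(port), proto))
    return blocked

def classify(deny_text, history_text, lan=LAN):
    """One row per denied IP: is it internal, and did portsentry log the block?"""
    blocked = parse_history(history_text)
    return [{"ip": str(ip), "daemons": daemons, "internal": ip in lan,
             "portsentry": blocked.get(ip, [])}
            for daemons, ip in parse_hosts_deny(deny_text)]

if __name__ == "__main__":
    for row in classify(HOSTS_DENY, PORTSENTRY_HISTORY):
        print(row)
```

An entry with no matching history line was not logged by portsentry and is the one to trace to whoever or whatever edited the file. An internal address that portsentry did block points at a scan-like connection from inside the LAN rather than at a compromise of the server.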