We're a community of 1076K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,075,601 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: Download FREE Help Desk Software & Helpdesk Tools from Spiceworks
1 Year Ago
0

security in linux

hello everyone

Of late, our company has been getting attacks from someone on the internet and this has led us to being black listed. The administrator thinks its through my machine that the attacker is gaining access. I use ubuntu 10.04.3 on a windows network. How can I tell if someone is broken on to my system. something else my machine is trying to override the domain controller. is it possible?

4
Contributors
5
Replies
1 Week
Discussion Span
1 Year Ago
Last Updated
6
Views
paulas24
Light Poster
26 posts since Nov 2009
Reputation Points: 12
Solved Threads: 0
Skill Endorsements: 0
1 Year Ago
0

Check your open ports and install a firewall (i.e. "ufw"). Make sure SSH is disabled.

jbennet
Moderator
Team Colleague
18,528 posts since Apr 2005
Reputation Points: 1,826
Solved Threads: 609
Skill Endorsements: 28
1 Year Ago
1

Hi!

What kind of attacks are we talking about here? Blacklisted from what?

If your client somehow is infected and it effects the entire network something is seriously wrong.

kletig
Newbie Poster
15 posts since Mar 2012
Reputation Points: 10
Solved Threads: 1
Skill Endorsements: 0
1 Year Ago
0

To enhance your system against bruteforce attacks you may want to use fail2ban, which blocks multiple SSH attempts. You may look at [http://www.daniweb.com/hardware-and-software/linux-and-unix/threads/417280/configuring-iptables-to-block-multiple-ssh-attempts](this recently solved post).
You can also read the [http://www.la-samhna.de/library/brutessh.html](excellent post by Rainer Wichmann) that discusses bruteforce attacks.
Good luck!
-FH

FelineHazard
Light Poster
46 posts since Feb 2012
Reputation Points: 10
Solved Threads: 2
Skill Endorsements: 0
FelineHazard
Light Poster
46 posts since Feb 2012
Reputation Points: 10
Solved Threads: 2
Skill Endorsements: 0
1 Year Ago
0

On a second thought, you can also look through /var/log/auth.log to see if someone's been naughty. There are several logs in the /var/log directory that are useful to see if someone is trying to access your machine. Try to look for ssh attempts in hours/times when you weren't the one initiating them.
This is, of course, if the attack you are refering to is ssh attack.
-FH

FelineHazard
Light Poster
46 posts since Feb 2012
Reputation Points: 10
Solved Threads: 2
Skill Endorsements: 0

This article has been dead for over three months: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Hardware and Software > Linux and Unix
View similar articles that have also been tagged:
 
© 2013 DaniWeb® LLC
Page rendered in 0.0799 seconds using 2.72MB