Hacker Protection?

Name: dynamic (by dynamic1)
Date: August 16, 2008 at 20:17:02 Pacific
OS: solaris 10
CPU/Ram: 4g
Product: VMware
Comment:


I noticed that there is always someone trying to hack into my Solaris server. Normally I would not care, mostly because my server is for training purposes only. I rarely, if ever, store anything on it. However, today I was looking at my /var/adm/messages and found

Aug 16 13:32:08 unknown ftpd[2494]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:13 unknown ftpd[2495]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:18 unknown ftpd[2496]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:29 unknown ftpd[2497]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]

It seems that someone has been putting forth a big effort to break into my little Solaris server. Then it dawned on me. Maybe this is the perfect opportunity to beef up my knowledge on Solaris security. So I ask

1. What are the logs that one should monitor to ensure that your server is secure?
2. Are there any known techniques one can use to investigate security violations?
3. What are the necessary steps one should take to harden their security for Solaris boxes?
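
For the first question, one way to turn the ftpd notices quoted above into a per-source summary, as an added example that is not part of the original thread. The year (taken from the post date), the threshold and window defaults, the function names, and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First four lines: the notices quoted in the post. Last two: constructed
# (an unrelated daemon entry and a single notice from a documentation address).
SAMPLE = """\
Aug 16 13:32:08 unknown ftpd[2494]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:13 unknown ftpd[2495]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:18 unknown ftpd[2496]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:32:29 unknown ftpd[2497]: [ID 265846 daemon.notice] repeated login failures from nod32.megalan.bg [89.190.196.14]
Aug 16 13:40:00 unknown cron[2601]: [ID 000000 daemon.notice] constructed unrelated entry
Aug 16 14:05:41 unknown ftpd[2710]: [ID 265846 daemon.notice] repeated login failures from host.example [192.0.2.7]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ ftpd\[\d+\]: "
    r"\[ID \d+ \S+\] repeated login failures from (?P<host>\S+) "
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\s*$"
)

def parse_failures(text, year):
    """Yield (timestamp, ip, host) per ftpd notice; syslog omits the year."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["host"]

def flag_sources(text, year, threshold=3, window=timedelta(minutes=1)):
    """Return sources with at least `threshold` notices inside any `window`."""
    stamps, hosts = defaultdict(list), {}
    for ts, ip, host in parse_failures(text, year):
        stamps[ip].append(ts)
        hosts[ip] = host
    flagged = {}
    for ip, seen in stamps.items():
        seen.sort()
        peak = start = 0
        for end, ts in enumerate(seen):          # sliding window over sorted times
            while ts - seen[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"host": hosts[ip], "total": len(seen), "peak": peak,
                           "first": seen[0], "last": seen[-1]}
    return flagged

if __name__ == "__main__":
    for ip, info in flag_sources(SAMPLE, 2008).items():
        print(ip, info["host"], info["total"], info["first"], info["last"])
```

The flagged addresses and their first/last timestamps are what a firewall rule or an abuse report would be built from.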



Response Number 1
Name: jefro
Date: August 17, 2008 at 13:28:30 Pacific
Reply:

Are you 89.190.196.14 It works! ?

There are plenty of sites on intrusion detection. Few are directly related to Solaris but can be converted.

Logs are related to what services you have up.

I think there is a Sun page on that or links to that subject. See also any MS or Linux best practices site/how-to. Everything from securing the network via ports and protocols and services to strong passwords and reducing access to the lowest needed, and many others.

See also sites that report security defects. Many are not the OS, rather the applications that are installed. You'd be surprised how many so-called hardened servers have some very old security holes left open.

"Best Practices", Event viewer, host file, perfmon, are in my top 10


0

Response Number 2
Name: ZeeZOo
Date: August 24, 2008 at 11:23:41 Pacific
Reply:

89.190.196.14 tried to hack into my FTP server

A smart whois shows this:

Alexander Atanasow
Bussiness center "Mania"
1720 Sofia
BULGARIA
+35929689000
sasho@megalan.bg


0
