[TriLUG] attack

[Matt Frye]

On Tue, 22 Feb 2005 21:43:20 EST, cate serino
<cms2945 at garnet.acns.fsu.edu> wrote:
> After only having my server up for a few hours and to a state that I
> thought was fairly secure, I got hacked with what I think is a man in the
> middle attack.  Other than turning off ports (telnet, ect.), changing
> root passwords, and editing the hosts.allow and hosts.deny files, what
> can I do to secure my server.  

What you can do is monitor it actively.  Login.  Take a look.  Find
out what's going.

The worst security error I've seen is not paying attention.  People
wonder where the attacks came from and then they look in their logs
and see that someone's been working them for months.

If you need help securing it, try Bastille.  It will help you button
things up.  Until then, unplug from the Internet. 
http://www.bastille-linux.org/