[KLUG Members] Am I just being paranoid?

Russell Dillenburg members@kalamazoolinux.org
Tue, 25 Feb 2003 23:00:51 -0600 (CST)


On Tue, 25 Feb 2003, Peter Buxton wrote:

> On Tue, Feb 25, 2003 at 09:04:48PM -0600, Russell Dillenburg wrote:
> 
> >  --------------------- sendmail Begin ------------------------ 
> > 
> > 172137 bytes transferred
> > 61 messages sent
> > 
> > **Unmatched Entries**
> > 
> > h1O60Rv03101: ruleset=check_rcpt, arg1=<marvin%marvin.ordb.org@>, relay=ns.fgnet.dk [212.242.88.2], reject=550 5.7.1 <marvin%marvin.ordb.org@>... Relaying denied
> 
> Why yes, you're paranoid. This is the Open Relay Database, www.ordb.org,

Is that a bad thing?  Isn't a good system (network) admin paranoid?  Or do 
the really good ones have no reason to be paranoid because they KNOW their 
system (network) is secure?  

> testing your server. They are trying to ensure you are not an open
> relay.

YAY!!!  I wasn't too worried about that, it was only because I saw it 
twice.  Now that you mention it, I do remember going to www.ordb.org and 
setting up a test, but I could have sworn it was a one time thing.  Oh 
well, my mail server is secure.  

> 
> Every time your server returns with "Relaying denied" you get a brownie
> point. :-)
> 
yay!!  I knew that was a good thing, and thanks for your comments...


> Thank you for posting this: I have wanted a comprehensive list of relay
> tricks for a while.

No problem.  

> 
> >  ---------------- Connections (secure-log) Begin ------------------- 
> > 
> > **Unmatched Entries**
> > Feb 23 19:10:07 russell sshd[2539]: Could not reverse map address 192.168.1.100.
> > Feb 23 19:10:09 russell sshd[2539]: Accepted password for ROOT from 192.168.1.100 port 4178

Yes, that was me... I just couldn't type at that time, long 
non-dictionary password.  That is from my main computer (windoze)...  

I kind of figured someone would bring this up.  

The only person who has full access to all ports is my friend's machine, 
and I have full access to ports on his.

Port 80 should be the only one everyone has access.  

> 
> Check: /etc/ssh/sshd_config and see if you have:
> 
> PermitRootLogin yes
> 
> set. You probably shouldn't. If this wasn't you logging into your own
> machine, BTW, you've been fatally compromised, unless you have a machine
> on your local network that could have had IP # 192.168.1.100 which you
> used to log into your linux box, at which point 192.168.1.100 didn't
> have a corresponding PTR record in DNS.

That is absolutely correct, I do not have my DNS configured yet.  

> 
> 

-- 
Russell Dillenburg
Computer Systems Specialist
webmaster@russell.knightec.net
A.A.S. CIS Programming

Programming Languages: Java, C, C++, Perl, PHP, VB, Javascript, VBScript
Operating Systems: Unix, Windows, Mac
For more of my skills see my resume at http://russell.knightec.net/xoops

"Will code for food!"