[KLUG Members] Am I just being paranoid?
Russell Dillenburg
members@kalamazoolinux.org
Tue, 25 Feb 2003 23:00:51 -0600 (CST)
On Tue, 25 Feb 2003, Peter Buxton wrote:
> On Tue, Feb 25, 2003 at 09:04:48PM -0600, Russell Dillenburg wrote:
>
> > --------------------- sendmail Begin ------------------------
> >
> > 172137 bytes transferred
> > 61 messages sent
> >
> > **Unmatched Entries**
> >
> > h1O60Rv03101: ruleset=check_rcpt, arg1=<marvin%marvin.ordb.org@>, relay=ns.fgnet.dk [212.242.88.2], reject=550 5.7.1 <marvin%marvin.ordb.org@>... Relaying denied
>
> Why yes, you're paranoid. This is the Open Relay Database, www.ordb.org,
Is that a bad thing? Isn't a good system (network) admin paranoid? Or do
the really good ones have no reason to be paranoid because they KNOW their
system (network) is secure?
> testing your server. They are trying to ensure you are not an open
> relay.
YAY!!! I wasn't too worried about that, it was only because I saw it
twice. Now that you mention it, I do remember going to www.ordb.org and
setting up a test, but I could have sworn it was a one time thing. Oh well,
my mail server is secure.
>
> Every time your server returns with "Relaying denied" you get a brownie
> point. :-)
>
yay!! I knew that was a good thing, and thanks for your comments...
> Thank you for posting this: I have wanted a comprehensive list of relay
> tricks for a while.
No problem.
>
> > ---------------- Connections (secure-log) Begin -------------------
> >
> > **Unmatched Entries**
> > Feb 23 19:10:07 russell sshd[2539]: Could not reverse map address 192.168.1.100.
> > Feb 23 19:10:09 russell sshd[2539]: Accepted password for ROOT from 192.168.1.100 port 4178
yes, that was me...I just couldn't type at that time, long
non-dictionary password. That is from my main computer (windoze)...
I kind of figured someone would bring this up.
The only person who has full access to all ports is my friend's machine,
and I have full access to ports on his.
Port 80 should be the only one everyone has access.
>
> Check: /etc/ssh/sshd_config and see if you have:
>
> PermitRootLogin yes
>
> set. You probably shouldn't. If this wasn't you logging into your own
> machine, BTW, you've been fatally compromised, unless you have a machine
> on your local network that could have had IP # 192.168.1.100 which you
> used to log into your linux box, at which point 192.168.1.100 didn't
> have a corresponding PTR record in DNS.
That is absolutely correct, I do not have my DNS configured yet.
>
>
--
Russell Dillenburg
Computer Systems Specialist
webmaster@russell.knightec.net
A.A.S. CIS Programming
Programming Languages: Java, C, C++, Perl, PHP, VB, Javascript, VBScript
Operating Systems: Unix, Windows, Mac
For more of my skills see my resume at http://russell.knightec.net/xoops
"Will code for food!"
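
The check discussed in this thread, as an added example that is not part of the original messages: it pulls accepted root logins out of sshd log lines, notes whether the source is an RFC 1918 address and whether sshd failed to reverse map it, and reads the effective PermitRootLogin value from sshd_config text. The third log line and the config fragment are constructed sample input, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two sshd lines quoted in the message, plus one
# invented login from a documentation address (203.0.113.7) for contrast.
SAMPLE_LOG = """\
Feb 23 19:10:07 russell sshd[2539]: Could not reverse map address 192.168.1.100.
Feb 23 19:10:09 russell sshd[2539]: Accepted password for ROOT from 192.168.1.100 port 4178
Feb 24 02:11:40 russell sshd[2611]: Accepted password for root from 203.0.113.7 port 50122
"""
# Constructed sshd_config fragment (the commented-out line must be ignored).
SAMPLE_CONFIG = "#PermitRootLogin no\nPort 22\npermitrootlogin yes\n"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
NO_PTR = re.compile(r"sshd\[\d+\]: Could not reverse map address (\d+(?:\.\d+){3})")


def root_logins(log_text):
    """Return a dict for every accepted root login in the log text."""
    lines = log_text.splitlines()
    no_ptr = {m.group(1) for m in map(NO_PTR.search, lines) if m}
    hits = []
    for m in filter(None, map(ACCEPTED.search, lines)):
        method, user, ip = m.groups()
        if user.lower() != "root":   # the quoted log shows the name as "ROOT"
            continue
        try:
            local = any(ipaddress.ip_address(ip) in net for net in RFC1918)
        except ValueError:           # a hostname was logged instead of an address
            local = False
        hits.append({"ip": ip, "method": method,
                     "local": local, "no_ptr": ip in no_ptr})
    return hits


def permit_root_login(config_text):
    """Return the effective PermitRootLogin value, or None if it is not set."""
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        # sshd keywords are case-insensitive and the first value found wins.
        if len(words) >= 2 and words[0].lower() == "permitrootlogin":
            return words[1].lower()
    return None  # unset: the default depends on the OpenSSH version


if __name__ == "__main__":
    print("PermitRootLogin:", permit_root_login(SAMPLE_CONFIG))
    for hit in root_logins(SAMPLE_LOG):
        print(hit)
```

A root login with `local` false is the case the reply above calls a compromise unless it was you; a local one with `no_ptr` true matches the missing PTR record explanation.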