Am I Being Hacked?

yellowdog-general@lists.terrasoftsolutions.com yellowdog-general@lists.terrasoftsolutions.com
Fri May 16 11:38:01 2003 

Well see (192.168.1.4) is a PeeCee running Win 98 so i wont bother asking
question on how to secure it. (think impossible) :p On top of all this it is
pointless to try to directly access ftp cause it is not enabled. I strictly
use sftp via ssh protocol 2 only. I also have a firewall/router that is
limiting accesses via ports.

I have verified the encryption to be working via ethereal (packet sniffer).
If the encryption is working for a regular ssh connect would it be the same
for sftp?.

Is there a way that they could get in that way if my hosts files only allow
192.168.1.4 and an external work addy access?

So should i really be concerned if the 192.168.1.4 addy is a win98 box and i
have a firewall blocking port access to the linux box and the win 98 box as
well? Or should I just ignore it?

----- Original Message ----- 
From: "Ed Rivenbark" <ed@crazy-ed.com>
To: <yellowdog-general@lists.terrasoftsolutions.com>
Sent: Friday, May 16, 2003 10:20 AM
Subject: RE: Am I Being Hacked?


>   You can never be too paranoid about network security.  IP spoofing is
> very possible, I have done it.  You can spoof an internal IP that will
> allow you to gain access to network resources.  If you have an insecure
> machine they can use it as a host to try to break into your system.  As
> mentioned before, I would check out the machine with the internal IP
> that was trying to get access via FTP.  This machine may be insecure and
> allowing access from outside connections.
>
> Ed
>
> -----Original Message-----
> From: yellowdog-general-admin@lists.terrasoftsolutions.com
> [mailto:yellowdog-general-admin@lists.terrasoftsolutions.com] On Behalf
> Of gwmartin@ezomo.com
> Sent: Friday, May 16, 2003 11:47 AM
> To: yellowdog-general@lists.terrasoftsolutions.com
> Subject: Re: Am I Being Hacked?
>
> Well see that is the thing I have gone to great lengths to block
> everything
> out with hosts.deny and .allow. My concern is that they will address
> spoof
> the allowed IPs and get in. Is this possible or am i being paranoid?
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general