Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Server hacked on known port
Special Forums Cybersecurity Server hacked on known port Post 303029986 by Neo on Monday 4th of February 2019 07:04:49 AM
Old 02-04-2019
Guys,

iptables -L lists all the rules used by iptables.

When it returns:
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

This means there are NO RULEs loaded, there are no ports being blocked. Nada. There is no filtering going on.

Nothing.

The server is wide open, based on the iptables -L output provided (from an iptables perspective).

The original poster wanted to know how a port was accessed because they thought they had iptable() working on their server.

iptables -L shows, definitively, what rules are being used, and it is case there are NO RULES.

This means, from an iptables perspective, the server is wide open.

That is why an intruder was able to gain access (not discussing, of course, any other issues on the server).

The OP apparently has written a bunch of rules, but does not understand how to enable or manage iptables().

Cheers.
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

which port to write my server application?

I want to write a server application that would accept HTTP requests from client. The server would be on a machine that has no connection to the INTERNET. The clients that would be posting their HTTP requests would be doing so through webbrowser .Thus it would be sort of intranet application.... (0 Replies)
Discussion started by: rraajjiibb
0 Replies

2. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

3. UNIX for Dummies Questions & Answers

Old ATT Server Port Question

Just got old ATT server (10 base T)shipped and want to connect to Windows using com port. Got hardware to connect RJ45 from windows box & serial on ATT. I added XP static ip to host file but get no ping return. Do I have to open unix com port? How? (2 Replies)
Discussion started by: kctech
2 Replies

4. UNIX for Advanced & Expert Users

ssh port forward over three server

Hello there, I have a big problem, and I hope somebody can help me. I try to realize a port forward over three server. Here is a picture... Client Server1 | Server2 ------- ------- | ------- |...... | |...... | | |...... ... (2 Replies)
Discussion started by: Art007
2 Replies

5. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

6. UNIX for Dummies Questions & Answers

Plesk Server Hacked - How to Backup

Hello! First of all: I am a newbie. :o :( I have a CentOS 64bit server with Plesk Panel 8.6. And have been hacked. :mad: After many tries and support tickets, I am configuring a new server, with Suse 11 and Plesk 9.2. I know that Plesk 8.6 have a backup utility (Parallels Plesk Control... (3 Replies)
Discussion started by: miguelvidal
3 Replies

7. Cybersecurity

Different ssh fingerprints on server vs the one on port 22

Hi Guys, My certificate in /etc/ssh is different to what is on port 22. username@server:~$ ssh-keyscan -p 22 127.0.0.1 > /tmp/rsa.tmp # 127.0.0.1 SSH-1.99-OpenSSH_33.33 username@server:~$ ssh-keygen -lf /tmp/rsa.tmp 1024 46:something..................... 127.0.0.1... (0 Replies)
Discussion started by: mu100
0 Replies

8. Solaris

How to find port number wwn of particular port on dual port HBA,?

please find the below o/p for your reference bash-3.00# fcinfo hba-port HBA Port WWN: 21000024ff295a34 OS Device Name: /dev/cfg/c2 Manufacturer: QLogic Corp. Model: 375-3356-02 Firmware Version: 05.03.02 FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies

LEARN ABOUT DEBIAN

calendarserver_monitor_notifications

CALENDARSERVER_MONITOR_NOTIFICATIONS(8) 		    BSD System Manager's Manual 		   CALENDARSERVER_MONITOR_NOTIFICATIONS(8)

NAME

     calendarserver_monitor_notifications -- Darwin Calendar Server push notification monitor

SYNOPSIS

     calendarserver_monitor_notifications [--admin username] [--config file] [--host hostname] [--node pubsub-node-name] [--port port-number]
					  [--ssl] [--verbose] [--help] username

DESCRIPTION

     calendarserver_monitor_notifications is a tool for making sure XMPP push notifications are working properly.  Given a username and password
     it will connect to the calendar server and determine which pubsub node(s) correspond to that user's calendar home, as well as those of any
     user which has delegated calendar access.	Next it will subscribe to those nodes and await notifications, printing them to stdout.  An admin-
     istrator can monitor the push notifications for another user by passing the --admin option.  Exit by hitting Control-C.

OPTIONS

     -a, --admin
	   Authenticate using the credentials of the given administrator.

     -h, --help
	   Display usage information.

     -f, --config FILE
	   Use the Calendar Server configuration specified in the given file.  Defaults to /etc/caldavd/caldavd.plist.

     -H, --host HOSTNAME
	   Connect to the specified calendar server.  If not passed on the command line, the host name is looked up in the configuration file.

     -n, --node NODENAME
	   Bypass the auto-discovery of pubsub nodes and specify one explicitly.  Useful on calendar servers which don't support the push-trans-
	   ports DAV property.	When using this option, the host and port options instead refer to the XMPP server host and port numbers.

     -p, --port NUMBER
	   Connect to the specified port number.  If not passed on the command line, the port number is looked up in the configuration file.

     -s, --ssl
	   Use https to connect to calendar server (default is http).

     -v, --verbose
	   Print debugging information.

FILES

     /etc/caldavd/caldavd.plist
	   The Calendar Server configuration file.

SEE ALSO

     caldavd(8)

BSD
								    Feb 3, 2011 							       BSD
All times are GMT -4. The time now is 02:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy