pc hacked


 
# 1  
Old 02-22-2006
Hi,

I think someone has hacked my server; the following rules keep appearing, which I haven't put there. Please help me, I couldn't find out how these rules are applied.
I think someone has put a script which generates and enables the rules.

But after restarting the iptables everything seems to be working fine.

IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
FUDP udp -f 0.0.0.0/0 0.0.0.0/0
PZ udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:0
PZ tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1214 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1214 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2323 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2323 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:4660:4678 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:4660:4678 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6257 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6257 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6699 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6699 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6347 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6347 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6881:6889 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6881:6889 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7778 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7778 reject-with icmp-port-unreachable
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 30 limit: avg 30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 30/sec burst 5
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 24.244.141.3 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 24.244.141.3 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT udp -- 24.244.141.4 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 24.244.141.4 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1023:65535 dpt:21 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22 dpts:513:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 flags:0x16/0x02 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22 state ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:33434:33534
DROP tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 216.168.225.206
ACCEPT all -- 0.0.0.0/0 216.168.228.35
ACCEPT all -- 0.0.0.0/0 216.185.145.94
ACCEPT all -- 0.0.0.0/0 61.95.144.58
ACCEPT all -- 0.0.0.0/0 220.225.88.57
ACCEPT all -- 0.0.0.0/0 203.197.115.72
ACCEPT all -- 0.0.0.0/0 220.225.88.58
ACCEPT all -- 0.0.0.0/0 61.246.162.20
ACCEPT all -- 0.0.0.0/0 221.128.188.0/24
ACCEPT all -- 0.0.0.0/0 196.40.10.246
ACCEPT all -- 0.0.0.0/0 209.242.168.226
ACCEPT all -- 0.0.0.0/0 220.225.82.149
ACCEPT all -- 0.0.0.0/0 200.122.153.10
ACCEPT all -- 0.0.0.0/0 200.91.176.131
ACCEPT all -- 0.0.0.0/0 207.36.180.167
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:513
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1433
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1434
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1434
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1524
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1524
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3127
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3127
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20

Please guide me on this, how could I stop it?

Luv
Mit
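One defender-side way to catch rules that keep reappearing, as an added example that is not part of the original post: a POSIX shell script that compares the running ruleset (in `iptables-save` format) against a baseline saved while the rules were trusted and lists every rule that was not there before. The file names and both rule dumps are constructed for the demo; the two extra rules are modelled on lines from the posted listing.

```shell
#!/bin/sh
# Added example, not code from the original post: list iptables rules present in
# the live ruleset but absent from a known-good baseline, so rules that keep
# "coming back" are noticed early and can be traced to whatever re-adds them.
# Real use: `iptables-save > baseline.rules` while the ruleset is trusted, then
# `iptables-save > now.rules; unexpected_rules baseline.rules now.rules` from cron.
# The file names and both dumps below are constructed for a stand-alone demo.

# Emit only the rule lines (-A ...) of an iptables-save dump, sorted and
# de-duplicated; a leading [pkts:bytes] counter (iptables-save -c) is stripped.
rules_of() {
    sed -n 's/^\[[0-9]*:[0-9]*\] //; /^-A /p' "$1" | LC_ALL=C sort -u
}

# Print every rule of the current dump ($2) that is not in the baseline ($1),
# one per line. Always exits 0 so it is safe under `set -e`.
unexpected_rules() {
    base_tmp=$(mktemp)
    rules_of "$1" > "$base_tmp"
    # -F fixed strings, -x whole line, -v invert, -f patterns from file
    rules_of "$2" | grep -Fxv -f "$base_tmp" || true
    rm -f "$base_tmp"
}

# Constructed baseline: the ruleset as the administrator configured it.
BASELINE=$(mktemp); CURRENT=$(mktemp)
trap 'rm -f "$BASELINE" "$CURRENT"' EXIT
cat > "$BASELINE" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
# Constructed live dump (with counters): same rules plus two nobody configured,
# modelled on the REJECT dpt:1214 and OUTPUT ACCEPT lines of the posted listing.
cat > "$CURRENT" <<'EOF'
*filter
:INPUT DROP [0:0]
[40:2400] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 1214 -j REJECT --reject-with icmp-port-unreachable
[9:540] -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A OUTPUT -d 216.168.225.206/32 -j ACCEPT
COMMIT
EOF
printf 'rules not in baseline: %s\n' "$(unexpected_rules "$BASELINE" "$CURRENT" | wc -l | tr -d ' ')"
unexpected_rules "$BASELINE" "$CURRENT"
```

Once the unexpected rules are listed, the next step is to find what re-adds them after a restart (cron entries, init scripts, the iptables startup configuration), rather than only flushing them again.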