pc hacked

02-22-2006

Registered User

26, 0

Join Date: Feb 2005

Last Activity: 26 May 2006, 7:05 AM EDT

Posts: 26

Thanks Given: 0

Thanked 0 Times in 0 Posts

pc hacked

Hi,

i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply,
i think someone has put an script which generates enables the rules.

But after restarting the iptables everything seems to be working fine.

IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
IN_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
FUDP udp -f 0.0.0.0/0 0.0.0.0/0
PZ udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:0
PZ tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1214
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1214
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2323
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2323
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:4660:4678
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:4660:4678
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6257
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6257
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6699
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6699
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6347
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6347
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6881:6889
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:6881:6889
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6346
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:6346
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7778
reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7778
reject-with icmp-port-unreachable
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg
30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg
30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg
30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg
30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 30 limit: avg
30/sec burst 5
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg
30/sec burst 5
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02
state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 24.244.141.3 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 24.244.141.3 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT udp -- 24.244.141.4 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 24.244.141.4 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1023:65535
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1023:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1023:65535
dpt:21 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20
state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20
state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:22
dpts:513:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535
dpt:22 flags:0x16/0x02 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22 state
ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp
dpts:33434:33534
DROP tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 216.168.225.206
ACCEPT all -- 0.0.0.0/0 216.168.228.35
ACCEPT all -- 0.0.0.0/0 216.185.145.94
ACCEPT all -- 0.0.0.0/0 61.95.144.58
ACCEPT all -- 0.0.0.0/0 220.225.88.57
ACCEPT all -- 0.0.0.0/0 203.197.115.72
ACCEPT all -- 0.0.0.0/0 220.225.88.58
ACCEPT all -- 0.0.0.0/0 61.246.162.20
ACCEPT all -- 0.0.0.0/0 221.128.188.0/24
ACCEPT all -- 0.0.0.0/0 196.40.10.246
ACCEPT all -- 0.0.0.0/0 209.242.168.226
ACCEPT all -- 0.0.0.0/0 220.225.82.149
ACCEPT all -- 0.0.0.0/0 200.122.153.10
ACCEPT all -- 0.0.0.0/0 200.91.176.131
ACCEPT all -- 0.0.0.0/0 207.36.180.167
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:513
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1433
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1434
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1434
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1524
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1524
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3127
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3127
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
OUT_SANITY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20

Please guide me for this how could i stop it.

Luv
Mit

naik_mit

View Public Profile for naik_mit

Find all posts by naik_mit

Linux

pc hacked

3 More Discussions You Might Find Interesting

1. Cybersecurity

Our system was hacked

Discussion started by: jgt

2. Cybersecurity

Server hacked on known port

Discussion started by: anaigini45

3. Cybersecurity

How to know when you've been hacked

Discussion started by: binhnx2000