backdoor threat

prad prad at towardsfreedom.com
Sat Jun 20 01:35:36 UTC 2009 

On Fri, 19 Jun 2009 14:39:35 -0400
Bill Moran <wmoran at potentialtech.com> wrote:

> Sure.  It costs almost nothing to send a fax message, and he could
> send it over and over and run you out of paper and ink while you're
> sleeping. Infantile, yes.
> 
yes except for the fact that i don't have a fax machine and the number
is incorrect anyway :D

> Sure, there's 1000000000 things.  Start by running a nmap scan from a
> different computer and see what ports are open.  Investigate each
> program listening on those ports to ensure it's properly secured.
> 
ok this is really neat!
we did the scan and found what the open ports are.
so the first one we changed was the ssh.
then a friend said he assigns ports that are not used in /etc/services,
so i presume this means for instance if we change the http port, we'll
have to tell our http server to do business on that port?

is this what you mean by ensuring that the program listening on a port
is properly secured? or is there something else?

> Making secure web forms is too complex to discuss in a single email.
> 
ok we'll look into this further. we really don't have too many web
forms and the forum software we use is punbb which i think they
(rickard et al) take good care of.

> Of course, the "someone" could just be spouting off. ... Some people
> brag without being able to back it up.
>
i think this is such a situation. i think the person thought i'd be
astonished that he was able to pull my first and last name as well as
my address out of a whois search and show them to me :D
and by showing me that he can use words like backdoor and BSD, no doubt
i should step back and bow to his level of expertise!

still, i see this as an opportunity for my son and myself to learn
something we really haven't paid much attention to, so we're going to
do it!

thx for your help bill!


-- 
In friendship,
prad

                                      ... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's

More information about the freebsd-questions mailing list