[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] WebSite being Hacked!!!
First, make sure all your web servers are up to date on the most current patches. If your firewall is set up correctly it will block port scans. Ie if your webserver has only port 80 open on the FW, and someone tries to connect on ports 1-1000, the FW will block all but port 80. WHich is where your security patches come in. How to set up IDS? That's another topic entirely. A firewall has holes in it, if those holes can be exploited they will, and there's little you can do about it. There are many many products for IDS, Real Secure, Network Ice, Snort, blah blah blah. These are the types of products you'll need to investigate. Also think about HIDS, things like Tripwire and AIDE, which watch the box itself and can tell you what files the hacker chagnes. -----Original Message----- From: Felix [mailto:[email protected]] Sent: Wednesday, May 30, 2001 8:52 AM To: Fw-1-Mailinglist Subject: [FW1] WebSite being Hacked!!! Hi, all: one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my FW1-4.1 sp3 has been hacked. I think the hacker used script via IE explorer to hack it. My questions are: 1. How to prevent from ports scanning through Internet. 2. How to prevent from being hacked through port 80. 3. How can I enable the Intruder Detect system (not only ip spoofing) Thanx! ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|