identify FTP port?

well one thing you can do to protect yourself from packet sniffing is use sftp instead of ftp. that encrypts all network information, so even if they sniff it, they can't read it.

in order for someone to sniff your info, they have to be on the same network segment as you, so that probably means that if you were compromised that way, then someone else on your network was compromised first.

also, traceroute defaults to go only 30 hops. but that doesn't mean anything. it just means that there are more than 30 routers between here and france, or wherever this person is.

my concern here is that OSX should not be as vulnerable as this. either OSX has a major security flaw which should be addressed, or there is some other insecure box on your network from which someone launched their attack, or installed a sniffer. you might consult with your netadmin to look for sneaky behavior across your gateway, or just take a look at the inetd logs on the rest of the machines on your subnet. if inetd logging is not turned on, then turn it on.
 
other box on the network? nope. just me.

it is my network. 1 mac, 1 pc.

any more possibilities to narrow this down? it was definitely a login on an actual account and not some weird backdoor.
 
the reason it concerns me is that i have OSX running on my network, with not only ftp ssh apache and appletalk, but even unencrypted telnet access, and anonymous (read only) ftp. on my network there is also a solaris 8 box which has read-write anonymous ftp, as well as ssh, telnet, ftp, apache, samba, netatalk, bind, sendmail and maybe some services i am forgetting.

we have 2 NT servers and one 2000 server, running print server and IIS. the point is that the 3 windows servers have gotten completely overtaken by evil internet stalkers, and they looked all over my network. they did not crack the solaris box, but they filled up a spare drive that was read-write anonymous ftp (i was totally naively expecting that to be OK; boy, was i surprised to find it filled with german versions of XP and weird porn. needless to say i took away that service).

the point is that OSX had lots of vulnerable services, and it was always completely safe.

i guess we can only assume that they got into your account by stealing your password. maybe you ftp'ed to your box from some place where it routed through a packet sniffer. if that's all that happened, then there is no need for concern. the best way to protect yourself is to always use ssh and sftp, never telnet and ftp. it would be nice to hear a security expert weigh in on this thread, if there are any around.
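An added example, not from anyone in this thread, of the log check suggested earlier (look at the inetd/login logs) applied to the stolen-password theory above: pull every successful ftpd, telnet/login and sshd login out of syslog-style lines, flag the ones that came from outside the networks you normally log in from, and report the first foreign login per account, which is the moment a sniffed password was first used. The log lines, host name, user name and addresses are constructed for the example (TEST-NET ranges, not real hosts); the exact wording of the daemons' log messages varies by OS, so adjust the regexes to what your own system writes; the trusted subnet is an assumption.

```python
"""
Added example: find account logins from unexpected hosts in inetd-era
syslog output (ftpd, telnetd/login, sshd). Everything below is constructed
for illustration; it is not output from the machines in the thread.
"""
import ipaddress
import re

# Constructed sample syslog lines (not real logs). Wording mimics classic
# BSD-style daemons; your system's messages may differ slightly.
SAMPLE_LOG = """\
Mar  3 08:12:01 powerbook ftpd[412]: FTP LOGIN FROM 192.168.1.20 as alice
Mar  3 08:40:13 powerbook sshd[430]: Accepted password for alice from 192.168.1.20 port 1022 ssh2
Mar  3 23:55:42 powerbook ftpd[519]: FTP LOGIN FROM 203.0.113.7 as alice
Mar  4 00:02:10 powerbook telnetd[523]: connect from 203.0.113.7
Mar  4 00:02:19 powerbook login[524]: LOGIN ON ttyp1 BY alice FROM 203.0.113.7
Mar  4 09:15:00 powerbook sshd[601]: Accepted publickey for alice from 192.168.1.20 port 1031 ssh2
Mar  4 11:03:44 powerbook ftpd[650]: ANONYMOUS FTP LOGIN FROM 198.51.100.99, mozilla@
"""

# Assumption: the two machines on the LAN live here. If you never log in
# remotely, any login from outside this range deserves a second look.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Each pattern captures the account and source address of a successful
# interactive login. The telnetd "connect from" line is deliberately not a
# login record (it is just a connection), so it is ignored.
LOGIN_PATTERNS = [
    re.compile(r"ftpd\[\d+\]: FTP LOGIN FROM (?P<src>[\d.]+) as (?P<user>\S+)"),
    re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>[\d.]+)"),
    re.compile(r"login\[\d+\]: LOGIN ON \S+ BY (?P<user>\S+) FROM (?P<src>[\d.]+)"),
]
ANON_PATTERN = re.compile(r"ftpd\[\d+\]: ANONYMOUS FTP LOGIN FROM (?P<src>[\d.]+)")
TIMESTAMP = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)")


def parse_logins(text):
    """Return (timestamp, user, source_ip) for every successful login.
    Anonymous ftp sessions are reported under the pseudo-user 'anonymous'."""
    logins = []
    for line in text.splitlines():
        ts_m = TIMESTAMP.match(line)
        ts = ts_m.group("ts") if ts_m else "?"
        m = ANON_PATTERN.search(line)
        if m:
            logins.append((ts, "anonymous", m.group("src")))
            continue
        for pat in LOGIN_PATTERNS:
            m = pat.search(line)
            if m:
                logins.append((ts, m.group("user"), m.group("src")))
                break
    return logins


def is_trusted(src, nets=TRUSTED_NETS):
    """True if the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in nets)


def suspicious_logins(logins, nets=TRUSTED_NETS):
    """Logins whose source lies outside every trusted network."""
    return [entry for entry in logins if not is_trusted(entry[2], nets)]


def first_foreign_login(logins, nets=TRUSTED_NETS):
    """Per account, the earliest login from an untrusted host: the point at
    which a stolen credential was first used (or you logged in from the
    road). Relies on the log being in chronological order, as syslog is."""
    first = {}
    for ts, user, src in suspicious_logins(logins, nets):
        first.setdefault(user, (ts, src))
    return first


if __name__ == "__main__":
    logins = parse_logins(SAMPLE_LOG)
    for ts, user, src in suspicious_logins(logins):
        print(f"{ts}  {user:<10} from {src}  (outside trusted nets)")
    for user, (ts, src) in first_foreign_login(logins).items():
        print(f"{user}: first seen from untrusted host {src} at {ts}")
```

On a real box feed it the actual log file (`parse_logins(open("/var/log/system.log").read())` or whatever your syslog.conf sends the auth facility to) rather than the constructed sample, and note that a cleartext ftp login from the trusted LAN that is followed hours later by the same account arriving from an unknown address is exactly the pattern a sniffed password produces.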
 