Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: bakedjake
Last night I started scanning myself with nmap tring to figure out how he is getting in (by the way he is on a Linux box). I can't get past the router scanning unless I send ack packets, then I learn Nortons is wide open to someone who knows what they are doing.
This morning he connected direct to my linux box. I shut down all incoming to the eth0 and killed the connection. I started tcpdump and pointed at the router gateway and sure enough he shows up. I am over my head in this.. He/She was sending stuff like "awk whois Ip number" and some stuff about icmb. When I have the machine locked down he can't get in.
I think he is hijacking sessions and cruising past the router at that point.
Thats my sad story, I could use a little advice as to how to approach this. I have been reading about firewall setups and its going to take me awhile get a grip on it.
Make sure your hardware is configured properly to not allow incoming connections in except on specific ports to specific machines to figure more about what he is doing.
Theres millions of books on security, its just hard to find the right ones.
Come back with som info on how you solve this problem. I, for one, would love to hear