
server help?

Posted: Sat Feb 28, 2009 3:38 am
by Jack_the_hacker
hi

This is my first post, but I am not really new to this site; I have been here a few months now.
I have a problem with the server I run at my school. I got an email a few days ago from a security company that manages our school district's internet access crap, and they said that a possible hacker (I corrected them on the term, it is a cracker, idiots) was making a connection from a udnernet.net site, or some IRC server. Anyway, they got through my IRC port (6667) and have managed to use my server as a gateway link. I am wondering two things. I am running a mac wisp OS X server; how would I secure the ports better for that, such as, are there any free firewalls available
(yes, I know the Mac has a built-in firewall, but the stupid computer admin before me somehow turned off the button to access it or something; I can't get access to it) for a Mac? I had looked some up but I don't trust most. I would consider making one, but my computer language knowledge is a bit, how do you say, limited. I know HTML (yes, it is not a language really), but I am also trying to learn a bit of C. I am somewhat good with C, and have seen a little C++, so any help with that would be highly thanked. Also, I was able to trace the IP address of the cracker to Australia. I think I know what ports they are using (6667, 48, 112, 110), though I have another question about that. This may seem kinda like a stupid question, but how do I kick them from my server? I tried some terminal commands and I got nowhere with that, and most of the stuff on Google did not help. I thought, with getting nowhere, I would ask here. Any help you can give is really really thanked,

all suggestions would be thanked,

Posted: Sat Feb 28, 2009 4:14 am
by plope0726
I'm not really familiar with Mac, but have you tried to turn off the services using those ports, assuming they aren't needed, like the IRC service? Also there should be an app somewhere (like I said, I'm not familiar with Mac) in which you can block or allow certain IP addresses access. It should give you the option to drop all packets from that specific IP address. I'm curious though, what kind of school is it and where are you located (US...)?

Posted: Sat Feb 28, 2009 4:52 am
by Jack_the_hacker
plope0726 wrote:I'm not really familiar with Mac, but have you tried to turn off the services using those ports, assuming they aren't needed, like the IRC service? Also there should be an app somewhere (like I said, I'm not familiar with Mac) in which you can block or allow certain IP addresses access. It should give you the option to drop all packets from that specific IP address. I'm curious though, what kind of school is it and where are you located (US...)?
It is the Linworth Alternative Program; it is an experimental education program. The website is here:
http://www.linworth.org/
It is located in Worthington, Ohio, though the computer admin page is old and has yet to be updated; I am the admin.

Note: it is a bit old but I am working on updating it. I can try turning off the port; that might stop them, but the only thing is they seem to port jump if I try to mess with it, though I can try to find an IP blocking app; I have not thought of that yet.

Posted: Sat Feb 28, 2009 5:00 am
by plope0726
Can you tell me more about what's going on with the built-in firewall?

Also, this site may be helpful... http://www.ibiblio.org/macsupport/ipfw/

Posted: Sat Feb 28, 2009 5:04 am
by plope0726
can you post the IP that you found?

Posted: Sat Feb 28, 2009 5:04 am
by Jack_the_hacker
plope0726 wrote:Can you tell me more about what's going on with the built-in firewall?
Well, I can't find a way to access it; the tabs (buttons) to get to it are gone. I also don't know how to get to it from a terminal yet. I have Googled it non-stop, but it tells me to click on the firewall tab and there is no tab. I looked for a way to do it and I still cannot get access to my firewall. It is set to allow all packets and to allow all IP connections, though I found that out by looking around the system, through an app known as Server Admin; it allows me to see the settings but not change them.

Posted: Sat Feb 28, 2009 5:06 am
by Jack_the_hacker
plope0726 wrote:can you post the IP that you found?
I would be happy to, but I don't have it on me; it is stored in my server records though.
I might be able to get it today or tomorrow some time, though it started out 164.254. I can't remember the rest.

Posted: Sat Feb 28, 2009 5:08 am
by plope0726
ok...did you look at the link I posted yet...there is some info on accessing the ipfw from the terminal.

"The first thing to do is to play with looking at the firewall from the command line. Open the System Preferences, and under Sharing, enable the firewall. Then open a terminal session, and type:

sudo /sbin/ipfw list"

Posted: Sat Feb 28, 2009 5:09 am
by Jack_the_hacker
plope0726 wrote:can you tell me more about whats going on with the built in firewall?

Also, this site may be helpful... http://www.ibiblio.org/macsupport/ipfw/
Thank you, I think this should help me with the firewall problem.

Posted: Sat Feb 28, 2009 5:11 am
by Jack_the_hacker
plope0726 wrote:ok...did you look at the link I posted yet...there is some info on accessing the ipfw from the terminal.

"The first thing to do is to play with looking at the firewall from the command line. Open the System Preferences, and under Sharing, enable the firewall. Then open a terminal session, and type:

sudo /sbin/ipfw list"
I think I should be able to even remote access it from my home PC and start making changes. It might not work, but thank you, I needed the bash commands for that. Where did you find it?

Posted: Sat Feb 28, 2009 5:16 am
by plope0726
For the ipfw info I searched Google with this string: "enabling ipfw firewall on mac os x server"

I did a whois search at http://whois.arin.net on the network address you gave me (164.254). It says it's from the Department of Defense... http://ws.arin.net/whois/?queryinput=164.254.

Posted: Sat Feb 28, 2009 5:19 am
by Jack_the_hacker
plope0726 wrote:For the ipfw info I searched Google with this string: "enabling ipfw firewall on mac os x server"

I did a whois search at http://whois.arin.net on the network address you gave me (164.254). It says it's from the Department of Defense... http://ws.arin.net/whois/?queryinput=164.254.
OK, that is screwed up lol. When I traced it I got Australia; then again, I think it also could have started with 169. instead of 164. Oh well, I can get it later on I think, though thank you for your help.

Posted: Sat Feb 28, 2009 5:21 am
by plope0726
no problem :wink: good luck

Posted: Sat Mar 07, 2009 3:23 pm
by Jack_the_hacker
Thank you, plope, for your help. I was able to get my firewall configured, and through more in-depth research I found a program called WaterRoof. It manages the rules for me; it kinda connects to the firewall and allows me to add and to delete rules and more: IP filter, NAT configure, net process static and dynamic rules. Here is the website http://www.hanynet.com/waterroof/index.html , though I was wondering, does anybody here know much about firewall rules? I keep throwing my internet off because of the fact I don't really know what rules to allow or keep or delete. I am trying to get it to where only my computers and a few laptops can access our network, maybe my home computer as well, but that is not really needed. But for some reason, when I think I've got it set up, it crashes, so I have to flush the rules, wait for a few minutes, then the rules normally and thankfully reset themselves to the old way. It is just that I am fearful that one of these days they will not reset. So if anybody would know any good web sources, or tips, or anything that might show like an outline kind of rules, that would be great. All I find on Google when I search is just programs or self-made firewall scripts, but I don't really like how they are configured.

thank you all.

Posted: Sat Mar 07, 2009 8:30 pm
by plope0726
Try this site...

http://www.novajo.ca/firewall.10.1.html

You should be trying to allow only the private IPs on your network access
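
An outline of the kind of ruleset discussed above (allow only private LAN addresses, drop everything else), as an added example that is not part of the original thread. The LAN range 192.168.1.0/24 and the helper names `is_private_cidr` and `gen_ruleset` are assumptions; the script only prints ipfw commands for review and does not apply them.

```shell
#!/bin/sh
# Added example: prints an ipfw ruleset for review; it never changes the firewall.
# The LAN range is a constructed placeholder, not a value from the thread.

# Succeed only if the CIDR's network address is RFC 1918 private space.
is_private_cidr() {
    case "$1" in *.*.*.*/*) ;; *) return 1 ;; esac
    net=${1%/*}
    o1=${net%%.*}; rest=${net#*.}; o2=${rest%%.*}
    case "$o1" in ''|*[!0-9]*) return 1 ;; esac
    case "$o2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o1" -eq 10 ] && return 0
    [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ] && return 0
    [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] && return 0
    return 1
}

# Print the rules, lowest number first; for allow and deny the first
# matching rule wins, so the catch-all deny must carry the highest number.
gen_ruleset() {
    lan=$1
    if ! is_private_cidr "$lan"; then
        echo "refusing: $lan is not a private (RFC 1918) range" >&2
        return 1
    fi
    # 100 loopback; 200/400/500 stateful LAN-in and server-out; 300 blocks
    # IRC (assumed unneeded on this server); 65000 logs and drops the rest.
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 check-state
ipfw add 300 deny log tcp from any to any 6667
ipfw add 400 allow ip from $lan to me keep-state
ipfw add 500 allow ip from me to any keep-state
ipfw add 65000 deny log ip from any to any
EOF
}

gen_ruleset "${1:-192.168.1.0/24}"
```

Read the printed rules before applying them, and apply them from the server's console rather than a remote session, so a wrong range cannot cut off your own access.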