They pick random IP numbers, so you probably weren't being singled out for attention. Even if your machine has nothing interesting on it, if cracked it can be used as a platform to attack other machines or cause mischief like flood pinging. You could add in some extra filtering to your router to help reduce port scan attacks. You should keep up with the security updates RedHat posts on the errata pages of their website. Shut down any servers not necessary by editing /etc/inetd.conf and the system rc files. Investigate /etc/hosts.allow and /etc/hosts.deny. I almost always set these to allow access from NZ only, as almost all intrusions I have seen come from overseas. In hosts.deny put ALL:ALL except localhost and in hosts.allow put ALL:.nz meaning any reverse lookup ending in .nz. Note that this forces you to ensure that your reverse lookups are correct. Also note that you may need separate lines for portmap and nfsd in hosts.allow depending on the release of software used: portmap:192.168.1. nfsd:192.168.1. mountd:192.168.1. allows all hosts in a local class C network to access the portmap, mountd and nfsd daemons. You still need to set up your exports file. You only need portmap if you are doing nfs sharing or NIS. Remove or disable any network services which are not essential. You can find listening services on your computer by the command netstat -a and looking through the output. TCP services are in the LISTEN state, while UDP services are stateless so any UDP listings may be a service or a client. UNIX sockets are local to the computer only and are not available over the network so are much more safe. Once you identify network services you can find out how to disable them. One way to do so is to remove the package containing the service program(s), which is a very safe method. Otherwise the service can be changed so that is does not start. Some services can be configured to not accept connections from remote computers. Verify the integrity of the programs on your system using rpm -V -a which tests the date, size and MD5sum against a database. Very clever crackers may change the rpm database when they change programs, but almost all don't do so. This is one feature I like about RedHat. 99% of crackers don't have an ounce of ability, they just download a recipe book and ingredients (called a rootkit) from somewhere and use that. Most of the rootkits include patches to ls, ps, ifconfig and add new programs to sniff network traffic and alter system log files to remove evidence of their logins. Commonly used rootkits create files in /dev which aren't supposed to be there - e.g. /dev/ptyp, /dev/ptyr which aren't device files, but normal files used by the patched versions of ps and ls. Note that ls has been altered to not show these files in its output - you need to find them with other programs - I recently used find /dev -name ptyr -print to find one of them. You could use other programs, like GUI file managers or whatever.
Disclaimer: Anything you find on my personal pages (they have "~richard" as part of the location) is not official policy of PlaNet FreeNZ.