[NCLUG] Two easy? security questions...
J. Paul Reed
preed at sigkill.com
Mon Sep 4 23:42:03 MDT 2000
On Mon, 4 Sep 2000, dobbster wrote:
> I'd rather not bother the ISPs. Most of the time they seem to ignore
> my complaints anyway.
Unfortunately, that seems to be the case...
> > http://www.linux-firewall-tools.com has more info, including an automated
> > firewall script generator.
> >
> > The fine folks over at tummy.com also have IsinGlass, which works quite
> > nicely: http://www.tummy.com/isinglass
>
> Thanks... I'll check both of these places out. It sounds as if some
> of these tools might provide me additional protection.
>
> I do have ipchains configured into my kernel already. Where would I set
> the deny rule? (inetd.sec?)
No, you set the rules in another file; you can really do it anywhere you
want; I used to do it in /etc/rc.d/rc.local on my RedHat system, and now I
have rc.local call rc.network, which sets up some virtual interfaces, and
also calls rc.firewall, which has all my rules in it.
If you use linux-firewall-tools.com, you'd place the output from the
website in a firewall like rc.firewall; if you use isinglass, they
probably have a procedure documented.
> Is port 143 (Imap) a popular one for these kinds of attacks? I am
> rather new to this...
Yeah, IMAP had a lot of root compromises a while ago, so it's one of the
more popular ports for script kiddies to target if they're just trying "0Wn
J00z."
Later,
Paul
----------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
If you put a gun to my head and said "Name ten great bands that have
come out in the last 5 years," you'd be wiping my brains off the wall.
-- Trent Reznor
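
A minimal rc.firewall of the kind the reply describes, carrying an ipchains deny rule for inbound IMAP (port 143). This is an added example, not part of the original post. The interface name eth0, the /sbin/ipchains path, and the `apply`/`show` arguments are assumptions.

```shell
#!/bin/sh
# Hypothetical /etc/rc.d/rc.firewall, called from rc.local as:
#   /etc/rc.d/rc.firewall apply
# Assumptions (not from the original post): the external interface is eth0,
# ipchains lives at /sbin/ipchains, and 143 is the only port to block.

IPCHAINS=${IPCHAINS:-/sbin/ipchains}
EXT_IF=${EXT_IF:-eth0}
DENY_TCP_PORTS=${DENY_TCP_PORTS:-143}

# Print one ipchains argument list per line, in the order they are applied.
fw_rules() {
    # Start from an empty input chain so re-running does not stack duplicates.
    printf '%s\n' "-F input"
    for port in $DENY_TCP_PORTS; do
        # -y matches only connection attempts (SYN), -l logs each hit via
        # the kernel log, and DENY drops the packet without sending a reply.
        printf '%s\n' "-A input -i $EXT_IF -p tcp -d 0.0.0.0/0 $port -y -l -j DENY"
    done
}

# Feed each rule to ipchains; return non-zero at the first failure.
fw_apply() {
    fw_rules | while read -r rule; do
        # Unquoted on purpose: each rule line must split into arguments.
        $IPCHAINS $rule || exit 1
    done
}

# With no argument the script does nothing, so it can be inspected safely.
case "${1:-}" in
    apply) fw_apply ;;
    show)  fw_rules ;;
esac
```

Running it with `show` prints the rules without touching the kernel, which is a quick way to review them before `apply`.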