* Paul Johnson ([EMAIL PROTECTED]) [021207 21:12]:
> On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
> > What I would do (I don't since I have a dedicated firewall machine) is :
> >  - close all unneeded services
>
> Better yet, not just close, purge them.
>
> >  - install a firewall that just drops any incoming connection from your
> >    cable-connected ethernet interface. (I would recommend using fwbuilder
>
> The security gained with this step is epsilon under Linux if you don't
> have services that aren't needed installed.

I've seen many redhat boxes in which installed rootkits included something to the effect of 'echo "6969 stream tcp wait root /bin/sh" >> /etc/inetd.conf'. Having a firewall up in this case prevents the cracker from using the installed backdoor, even after an intentionally-exposed service is broken.

It's a very good safety net to have, especially in the case of an always-on static-IP-address cable connection, which is likely to be swept by script kiddies who then later try to connect to the boxes their scripts successfully penetrated.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.eff.org/
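
A defender-side check for the kind of inetd.conf entry described in the message above, as an added example that is not part of the original post: it parses the standard inetd.conf fields and flags active entries whose server program is a shell or whose service is given as a raw port number. The sample file contents, the shell list and the function name `audit_inetd` are constructed for illustration.

```python
import re

# Basenames treated as interactive shells (assumed list, extend as needed).
SHELLS = {"sh", "bash", "ash", "dash", "csh", "tcsh", "ksh", "zsh"}

# Constructed sample: ordinary entries plus the line quoted in the post.
SAMPLE = """\
# /etc/inetd.conf (constructed sample)
ident   stream  tcp  wait    identd  /usr/sbin/identd  identd
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.telnetd
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.ftpd
6969 stream tcp wait root /bin/sh
"""

def audit_inetd(text):
    """Return (line_number, reasons, entry) for each suspicious active entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled (commented-out) entry
        fields = line.split()
        if len(fields) < 6:
            continue  # too short to be a service entry
        # service, socket type, protocol, wait flag, user, server program
        service, _sock, _proto, _wait, user, program = fields[:6]
        args = fields[6:]
        reasons = []
        # The user field may carry a group suffix (user.group or user:group).
        is_root = re.split(r"[.:]", user)[0] == "root"
        # Check the program itself and what a wrapper such as tcpd would run.
        targets = [program] + args[:1]
        if any(t.rsplit("/", 1)[-1] in SHELLS for t in targets):
            reasons.append("server program is a shell"
                           + (" run as root" if is_root else ""))
        if service.isdigit():
            reasons.append("service given as raw port %s, not a name" % service)
        if reasons:
            findings.append((lineno, reasons, line))
    return findings

if __name__ == "__main__":
    for lineno, reasons, line in audit_inetd(SAMPLE):
        print("line %d: %s\n    %s" % (lineno, "; ".join(reasons), line))
```
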