I have logsentry installed on my system which sends me hourly reports
about possible hack attempts on my three boxes.  I use ipkungfu for my
firewall.  I've stuck with the default configuration for ipkungfu,
except for listing each of my machines in my LAN in the
accepted_hosts.conf file.  I also set ipkungfu to drop all offensive
packets (not sure if that's the default or not.)  Whenever I see someone
trying to break in in the logsentry reports, I add their IP to the
deny_hosts.conf file and restart ipkungfu so that the changes will take
effect.  I'm wondering why, if these offending IPs in deny_hosts.conf are
being stopped at the firewall, I'm still seeing them fail to authenticate
to my FTP and ssh servers?  Also, I've always heard that you shouldn't
have any ports open on your machine unless you have some server bound to
that port because hackers can get in through unbound open ports.  Is
this true?  If so, how does it work?  What do they connect to if
nothing's running on the port they're trying?  I know the concept of a
backdoor in a running program, but if no program is running on said port
for them to connect to, how do they get in???
-Michael Sullivan-

-- 
gentoo-user@gentoo.org mailing list
