On Thu, Mar 09, 2000 at 08:44:39AM -0700, Eric Sisler wrote:
> Dana Danet <[EMAIL PROTECTED]> wrote:
> 
> >so i am the recent listed person with growing interests in linux
> >
> >my question to the list is:
> >
> >i am planning on implementing a server out of my house via dsl and
> >i hear horror stories of users that know ip ranges given out by
> >isp's and then scan them looking to get into boxes.  before i get my
> >linux desktop and server configured for dsl what precautionary
> >steps/implementations should i consider. i have a webramp 700s, has
> >anyone used this device for a firewall to their linux network?
> 
> Ok, since I'll (hopefully) soon be getting DSL myself, I'll bite:
> 
> Yes, if you're getting any kind of dedicated connection to the
> Internet, you'll be port scanned at some point.  It's a fact of life
> on the Internet.  Anytime you have a permanent connection to the
> Internet, steps need to be taken to protect those machines -
> regardless of whether it's at home, work, or elsewhere.


[snip all good advice]

I'll just add that on average I get scanned several times a week,
sometimes several times a night. They are definitely out there. I
don't know this device either, but to start with I would close (or at
least firewall) all ports below 1024 -- except ident (auth) at 113.
This means commenting out everything in /etc/inetd.conf except auth,
and shutting down any daemons running that may have ports open. Use
netstat or lsof if you are not sure what is open/running. Once you are
comfortable with your security, you can start opening up other ports
on an as-needed basis. The ports above 1023 are a little trickier as many
are dynamically assigned and you can accidentally hose something if
not careful. I would add port 6000 to the list, since X runs there.


http://www.rustcorp.com/linux/ipchains/
http://www.enteract.com/~lspitz/linux.html
http://www.psionic.com
http://ipchains.nerdherd.org/ (scripts for various purposes)
http://linux-firewall-tools.com/linux/ (lots of stuff!)
http://people.redhat.com/~wil
ftp://ftp.redhat.de/pub/rh-addons/security/RPMS/ 
http://www.securityportal.com/lasg/
http://www.redhat.com/mirrors/LDP/HOWTO/Security-HOWTO.html
http://www.robertgraham.com/pubs/firewall-seen.html (common exploits)



-- 
Hal B
[EMAIL PROTECTED]
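
As an added example (not part of the original message), here is a small shell audit for the checks described above: it lists inetd services still enabled other than auth, and listening TCP sockets on ports below 1024 or on 6000, except 113. The sample inetd.conf and netstat output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit helpers, not from the original thread.

# Constructed sample of /etc/inetd.conf (not taken from a real host).
SAMPLE_INETD='# inetd.conf sample
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
'

# Constructed sample of "netstat -ltn" output.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
'

# Print inetd services that are still enabled (not commented out), except auth.
inetd_enabled_except_auth() {
    awk '!/^[ \t]*#/ && NF >= 6 && $1 != "auth" { print $1 }'
}

# Print local addresses of listening TCP sockets whose port is below 1024
# or equal to 6000 (X), skipping ident/auth on 113.
exposed_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":"); port = a[n] + 0
             if ((port < 1024 || port == 6000) && port != 113) print $4
         }'
}

# Live usage: inetd_enabled_except_auth < /etc/inetd.conf
#             netstat -ltn | exposed_ports
printf '%s' "$SAMPLE_INETD" | inetd_enabled_except_auth
printf '%s' "$SAMPLE_NETSTAT" | exposed_ports
```

The local address is printed rather than just the port so that listeners bound only to loopback can be told apart from ones reachable from outside.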