Guys, to keep the breakage to a minimum, just block scans from @home's
corporate network. Use the whois command to find out the IP range. I
think it is 24.0.0.0/16 IIRC.
Do it this way:
ipchains -A input -p tcp -s 24.0.0.0/16 -d 0/0 ! 1024:65535 -j DENY
ipchains -A input -p udp -s 24.0.0.0/16 -d 0/0 ! 1024:65535 -j DENY
As I understand it, the reason they scan is because the Usenet admins
worldwide pressured them to make some sort of effort to prevent spam. It
seems that too many @home users had insecure mail and news servers
running on their boxes and they were being used by hackers (the evil
kind) to send spam. Scanning for unauthorized servers was apparently
their answer to the problem.
The point I guess I'd like to make is that unless you secure your box
properly, then you may get hacked and then your computer will be causing
exactly the kind of problem that prompted @home to start scanning in the
first place. To that end I recommend the following rule.
# I'll assume that eth0 is the interface that connects to your cable-modem
#
ipchains -A input -i eth0 -p tcp -y -j DENY
This will prevent tcp connections to your computer from the cable-modem
while still allowing you to connect to other computers (surfing,
whatever). There is no equivalent for UDP packets. UDP is a
"connectionless" protocol.
FYI: Ports under 1024 are considered to be privileged ports. So if
you're going to block 0-500, just block access to all privileged ports.
Also look into 'man ipchains'
- Bob Glover
I don't have a sig. Do I?
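
The three rules from the message above, modelled in Python as an added example (not part of the original post) so their combined effect can be checked against constructed packets. The `Packet` type, the default ACCEPT policy and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

HOME_NET = ipaddress.ip_network("24.0.0.0/16")  # range quoted in the post

@dataclass(frozen=True)
class Packet:                       # hypothetical type for this model
    iface: str
    proto: str                      # "tcp" or "udp"
    src: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags set on the packet

def is_syn_only(p):
    # ipchains -y matches TCP packets with SYN set and ACK and FIN cleared,
    # i.e. the first packet of a connection request.
    return p.proto == "tcp" and "SYN" in p.flags and not (p.flags & {"ACK", "FIN"})

def input_chain(p):
    """Apply the post's three rules in the order appended; first match wins."""
    from_home = ipaddress.ip_address(p.src) in HOME_NET
    # Rules 1-2: -p tcp/udp -s 24.0.0.0/16 -d 0/0 ! 1024:65535 -j DENY
    if p.proto in ("tcp", "udp") and from_home and not 1024 <= p.dport <= 65535:
        return "DENY"
    # Rule 3: -i eth0 -p tcp -y -j DENY
    if p.iface == "eth0" and is_syn_only(p):
        return "DENY"
    return "ACCEPT"                 # assumed default chain policy

# Constructed sample packets (documentation addresses, not real traffic).
SAMPLES = {
    "tcp SYN to 22 from outside": Packet("eth0", "tcp", "203.0.113.9", 22, frozenset({"SYN"})),
    "tcp SYN+ACK reply to our outbound connection": Packet("eth0", "tcp", "198.51.100.7", 40000, frozenset({"SYN", "ACK"})),
    "tcp SYN to 6000 from 24.0/16": Packet("eth0", "tcp", "24.0.5.1", 6000, frozenset({"SYN"})),
    "udp to 53 from 24.0/16": Packet("eth0", "udp", "24.0.5.1", 53),
    "udp to 111 from outside": Packet("eth0", "udp", "203.0.113.9", 111),
}

def verdicts():
    return {name: input_chain(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

The last sample is the gap to note: the `-y` rule only applies to TCP, so UDP to a privileged port from a source outside 24.0.0.0/16 is still accepted unless further rules are added.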