On 4 Mar 2001, Dominic Mitchell wrote:
>
>
> Thanks for the info. I have not made the firewall yet, it was in
> my project to do so shortly. I will work on it right now. I
> would I know if someone made it through?
>
> Thanks,
>
> Dominic.
>
>
> "Mikkel L. Ellertson" <[EMAIL PROTECTED]> writes:
>
> > >
> > Chances are someone is trying to crack your machine. Portmap is
> > the faverite attack point right now. You should consider blocking
> > all connection attempts to port 111 from outside your local
> > network with your firewall. Right now, they are being blocked by
> > tcp wrappers. Having your firewall block these attempts add
> > another layer of safty, as well as making port scans a bit harder.
> >
> >
> > Mikkel
>
>
Use the -l option on the end of the rules you want to see someone was
trying. You will get a deny message in the logs. Something like this:
Mar 4 14:18:06 firewall kernel: Packet log: input DENY eth0 PROTO=6
24.163.248.193:3290 64.34.45.208:111 L=60 S=0x00 I=8793 F=0x4000 T=55
SYN (#95)
If they make it through the firewall, and get trapped by tcp wrappers,
you will see a message like the origional one. It is also a good idea
to check the logs for unusual messages. Logwatch is a handy program to
have. There are others as well. Telling if someone get is is hard -
the better they are, the less likely you will notice that they cracked
the system. About all you can do is to keep the system up to date, and
watch for anything strange.
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
