Re: Security Issues...


Subject: Re: Security Issues...
From: Brent Cantrell (slycer9@mac.com)
Date: Mon Aug 13 2001 - 23:39:54 MDT


While port masking is done by ipchains, it's not the same as blocking ports
and such; its sole purpose is to act as NAT translation. Within your
ipchains script, you also specify what ports will accept connections, i.e.:

    ipchains -A input -s hackers.com -d 65.88.92.9 80 -p tcp -j DENY

What this particular line does is deny anyone from the domain hackers.com
access to your webserver (65.88.92.9 port 80 using protocol tcp). You can
make your firewall disappear,

    ipchains -A input -p udp -j DENY

set up DMZs, port forwarding, anything you want to do. And you don't have to
dedicate a machine to do it; just set it up from within the machine you're
providing the services on.

----------
>From: Brian Watson <bcwatso1@uiuc.edu>
>To: yellowdog-general@lists.yellowdoglinux.com
>Subject: Re: Security Issues...
>Date: Tue, Aug 14, 2001, 12:15 AM
>

>>Depending on how you set up IPChains, you can minimize any returns from port
>>scans and such, making your machine effectively 'disappear' from the net.
>
> So, IPChains allows me to turn on port masking, which won't return
> anything if a port is active?
>
>
> I didn't know that all of those requests were Code Red. I'm getting
> hit a lot. I wondered why the activity light on my cable modem was
> blinking, even when no tcp/ip packets were supposed to be coming in
> or going out. It used to be always off when I wasn't doing internet
> related work, but now it's flashing almost all of the time.
>
> As for a firewall, my cable router has one, but I have my Linux box
> set as a host, because DNS wasn't working with just port 53 being
> forwarded. At any rate, I don't think it'd stop the Code Red lines
> in my access log, because I'd just have port 80 forwarded to the
> Linux box.
>
> What purpose does the robots.txt file serve? The bot that requested
> it was trying to index my website?
>
> --Brian
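
The distinction drawn in the reply above (masquerading in the forward chain versus packet filtering in the input chain), as an added example that is not part of the original thread. The interface names and LAN range are assumptions; the web server address is the one used in the message. It prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: EXT_IF, INT_IF, LAN.
WEB_IP=65.88.92.9        # web server address used in the message
LAN=192.168.1.0/24       # assumed internal network
EXT_IF=eth0              # assumed Internet-facing interface
INT_IF=eth1              # assumed LAN-facing interface

# Dry run by default: print each command. APPLY=1 (as root) executes it.
ipc() {
    if [ "${APPLY:-0}" = 1 ]; then ipchains "$@"; else echo "ipchains $*"; fi
}

build_ruleset() {
    # --- Filtering: input chain ---------------------------------------
    ipc -F input
    # DENY drops silently; REJECT would answer with an ICMP error, which
    # is what a port scan sees as a "closed" port.
    ipc -P input DENY
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i "$INT_IF" -s "$LAN" -j ACCEPT
    # The one service offered to the outside: the web server.
    ipc -A input -i "$EXT_IF" -p tcp -d "$WEB_IP" 80 -j ACCEPT
    # ipchains is stateless: replies to our own outbound TCP connections
    # are admitted as "TCP without the SYN flag" (! -y).
    ipc -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # DNS answers arrive from source port 53. A source port can be
    # spoofed, so this is the weakest rule in the set.
    ipc -A input -i "$EXT_IF" -p udp -s 0.0.0.0/0 53 -j ACCEPT
    # Log (-l) whatever else arrives before it is dropped.
    ipc -A input -i "$EXT_IF" -l -j DENY

    # --- Masquerading (NAT): forward chain ----------------------------
    # This rewrites LAN source addresses on the way out; it blocks nothing.
    ipc -F forward
    ipc -P forward DENY
    ipc -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

build_ruleset
```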



This archive was generated by hypermail 2a24 : Mon Aug 13 2001 - 22:50:13 MDT