Re: Security Issues...


Subject: Re: Security Issues...
From: Darron Froese (darron@froese.org)
Date: Tue Aug 14 2001 - 10:44:01 MDT


On 8/13/01 11:18 PM, "Brian Watson" <bcwatso1@uiuc.edu> wrote:

>> The only way you can stop people from 'port scanning' you is by unplugging
>> your computer from the internet.
>
> Perhaps I should have reworded this. I know I can't stop people from
> port scanning, but I don't want the computer to display any port
> that's active or have an option to block someone who's trying to
> perform a port scan.

Brian,

If you want to run a publicly available server, you pretty much have to
leave the publicly available ports open.

That being said, there are a couple things you can do:

1. Install PortSentry which is a piece of software that is designed to
detect and respond to port scans against a target host in real-time.

<http://www.psionic.com/abacus/portsentry>

Basically, if you are port scanned by somebody, your host appears to
disappear - any attempts to connect to your server from that IP address will
fail.

2. Make sure you have firewalling compiled into your server and block any
connections to ports from places you don't want.

This is an example of how to structure this in English so you understand:

Deny connections from a specific IP address because they're bad.
Allow any connections from my internal network.
Allow any connections from my office network.
Disallow any remote connections to my MySQL server.
Disallow any remote connections to my Samba server.

And translated into ipchains-speak:

$IPCHAINS -A input -s 1.2.3.4 -d $LOCALNET -j DENY
$IPCHAINS -A input -s 192.168.1.0/24 -d $LOCALNET -j ACCEPT
$IPCHAINS -A input -s 209.91.99.192/27 -d $LOCALNET -j ACCEPT
$IPCHAINS -A input -i $EXTERNALIF -p tcp -y -d $LOCALIP 3306 -j DENY -l
$IPCHAINS -A input -i $EXTERNALIF -p tcp -y -d $LOCALIP 139 -j DENY -l

This way, you can:

1. Completely open yourself up to trusted networks.
2. Restrict any access to specific networks of bad people.
3. Block any services that you don't want to be remotely accessible.

-- 
Darron
darron@froese.org
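As an added example (not part of Darron's message), here is a small Python simulator that applies the five ipchains rules above to sample packets with ipchains' first-match semantics. The message never defines $LOCALNET, $LOCALIP or $EXTERNALIF, so 10.0.0.0/24, 10.0.0.1 and eth0 are assumed stand-in values.

```python
import ipaddress

# The five ipchains rules from the message, with constructed placeholder values
# for the undefined shell variables ($LOCALNET=10.0.0.0/24, $LOCALIP=10.0.0.1,
# $EXTERNALIF=eth0).
RULES_TEXT = """
-A input -s 1.2.3.4 -d 10.0.0.0/24 -j DENY
-A input -s 192.168.1.0/24 -d 10.0.0.0/24 -j ACCEPT
-A input -s 209.91.99.192/27 -d 10.0.0.0/24 -j ACCEPT
-A input -i eth0 -p tcp -y -d 10.0.0.1 3306 -j DENY -l
-A input -i eth0 -p tcp -y -d 10.0.0.1 139 -j DENY -l
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_rule(line):
    """Parse the subset of ipchains options used above into a match dict."""
    r = {"src": ANY, "dst": ANY, "iface": None, "proto": None,
         "syn": False, "dport": None, "target": None, "log": False}
    toks, i = line.split(), 0
    while i < len(toks):
        t = toks[i]
        if t == "-s":   r["src"] = ipaddress.ip_network(toks[i + 1]); i += 2
        elif t == "-d":
            r["dst"] = ipaddress.ip_network(toks[i + 1]); i += 2
            if i < len(toks) and toks[i].isdigit():   # "-d addr port" form
                r["dport"] = int(toks[i]); i += 1
        elif t == "-i": r["iface"] = toks[i + 1]; i += 2
        elif t == "-p": r["proto"] = toks[i + 1]; i += 2
        elif t == "-j": r["target"] = toks[i + 1]; i += 2
        elif t == "-y": r["syn"] = True; i += 1     # match only TCP SYN
        elif t == "-l": r["log"] = True; i += 1     # log matching packets
        else:           i += 2                      # "-A input": chain name
    return r

RULES = [parse_rule(l) for l in RULES_TEXT.strip().splitlines()]

def evaluate(pkt, rules=RULES, policy="ACCEPT"):
    """Return (target, rule_number, logged). The first matching rule wins,
    as in ipchains; with no match the chain's default policy applies."""
    for n, r in enumerate(rules, 1):
        if ipaddress.ip_address(pkt["src"]) not in r["src"]: continue
        if ipaddress.ip_address(pkt["dst"]) not in r["dst"]: continue
        if r["iface"] and pkt.get("iface") != r["iface"]: continue
        if r["proto"] and pkt.get("proto") != r["proto"]: continue
        if r["syn"] and not pkt.get("syn"): continue
        if r["dport"] is not None and pkt.get("dport") != r["dport"]: continue
        return r["target"], n, r["log"]
    return policy, None, False
```

Running packets through it shows what the rule order buys: the trusted networks in rules 2 and 3 reach MySQL and Samba before the interface-specific DENY rules are consulted, while anything the five rules do not mention (a UDP packet to port 137, say) falls through to the chain's default policy.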



This archive was generated by hypermail 2a24 : Tue Aug 14 2001 - 09:52:41 MDT