Re: [Sheflug] Security
> Ahh...but I bet your INPUT and OUTPUT chains are empty and have a default
> policy of ACCEPT. If you change the input policy to DENY, then you may have
> to open specific ports for the quake/irc/real-video &c... services.
Erm...
> I don't know portsentry, so dunno what it does (or doesn't) do to the
> firewall (if anything)...I stick with a standard ipchains firewall, and use
> its packet logging :)
Portsentry is a wonderful little tool that monitors a bunch of ports
(i.e. ones that have exploits etc) and checks for portscans, floods etc
and automagically throws that IP into /etc/hosts.deny and adds a -DENY
to the firewall rules.
Also, rather than doing the ipchains work, it can run scripts (to
perform a DNS lookup, traceroute and portscan of remote machine for
example).
Once the remote machine is denied, all packets are logged to
/var/log/messages as if you had set the rules yourself.
Basically, portsentry will catch most strangeness and DENY the remote
machine.
Quite good if you didn't have your firewall rules quite right.
*Whistles and looks innocent* :-)
Same chap has a program called logcheck that will scan your logs
looking for keywords (which you can modify) and emailing you with any
problems.
> Maybe I'm mistaken...I don't do enough with masquerading to check this.
Nope, just as well I got a thinkin'. I did have to open a port up for
Napster, so doing the same for other services helps.
--
Barrie J. Bremner
Email: TheEnglishman [at] ecosse.net
(PGP public key available at pgp.mit.edu)
URL: http://www.geocities.com/thefatenglishman
Telephone: UK 01672 811246
Mobile: UK 07968 792975
Help Micro$oft wipe out piracy - get Linux.
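The message above describes two mechanisms: portsentry noticing a host that touches a series of watched ports and then shutting it out via /etc/hosts.deny and an ipchains DENY rule, and logcheck scanning the logs for keywords. The script below is an added illustration of both, not code from the original post and not portsentry's or logcheck's own code. It works over a constructed sample of connection attempts and a constructed /var/log/messages excerpt, uses an assumed threshold of three distinct ports, and emits the hosts.deny entry and the ipchains command as text rather than running them, so it can be read and run safely on any box.

```shell
#!/bin/sh
# Added example: a minimal portsentry/logcheck-style detector and responder.
# Not the real tools; sample inputs below are constructed for the demo.

# Constructed sample of connection attempts, one "<src-ip> <dst-port>" per line,
# as portsentry would see them on the ports it watches.
SAMPLE_CONNECTS='10.0.0.5 21
10.0.0.5 23
10.0.0.5 111
10.0.0.5 143
10.0.0.5 515
192.168.1.20 80
192.168.1.20 80
10.0.0.5 6000'

# Assumed threshold: a source touching this many distinct watched ports is a scan.
SCAN_THRESHOLD=3

# scan_sources LOG THRESHOLD: print each source IP that hit >= THRESHOLD distinct ports.
# sort -u collapses repeated (ip, port) pairs so retries of one port do not count as a scan.
scan_sources() {
    printf '%s\n' "$1" | sort -u | awk -v t="$2" '
        { ports[$1]++ }
        END { for (ip in ports) if (ports[ip] >= t) print ip }' | sort
}

# hosts_deny_line IP: the tcp-wrappers entry that would be appended to /etc/hosts.deny.
hosts_deny_line() {
    printf 'ALL: %s\n' "$1"
}

# ipchains_deny_rule IP: the rule that denies and logs (-l) everything from IP on the
# input chain; -I puts it at the top so it wins over any ACCEPT below it.
ipchains_deny_rule() {
    printf 'ipchains -I input -s %s -j DENY -l\n' "$1"
}

# respond_to_scans LOG THRESHOLD: for every scanning source, show both responses.
respond_to_scans() {
    for ip in $(scan_sources "$1" "$2"); do
        hosts_deny_line "$ip"
        ipchains_deny_rule "$ip"
    done
}

# Constructed /var/log/messages excerpt: one ipchains packet-log line for a denied
# host, one portsentry alert, and two ordinary lines that should not be reported.
SAMPLE_SYSLOG='Mar  3 10:01:02 host kernel: Packet log: input DENY eth0 PROTO=6 10.0.0.5:1234 192.168.1.1:23 L=60 S=0x00 I=12345 F=0x4000 T=64 SYN (#1)
Mar  3 10:01:05 host sshd[412]: Accepted password for barrie from 192.168.1.20
Mar  3 10:02:11 host portsentry[300]: attackalert: Connect from host: 10.0.0.5/10.0.0.5 to TCP port: 111
Mar  3 10:03:00 host cron[500]: (root) CMD (run-parts /etc/cron.hourly)'

# Assumed keyword list, logcheck-style (an extended regex; edit to taste).
LOG_PATTERN='attackalert|Packet log:'

# log_alerts LOG PATTERN: print the log lines that match any keyword.
log_alerts() {
    printf '%s\n' "$1" | grep -E "$2" || true
}

# count_alerts LOG PATTERN: number of matching lines (0 when nothing matches).
count_alerts() {
    printf '%s\n' "$1" | grep -E -c "$2" || true
}

echo "== scanning sources =="
scan_sources "$SAMPLE_CONNECTS" "$SCAN_THRESHOLD"
echo "== responses that portsentry-style tooling would apply =="
respond_to_scans "$SAMPLE_CONNECTS" "$SCAN_THRESHOLD"
echo "== log lines a logcheck-style run would mail you =="
log_alerts "$SAMPLE_SYSLOG" "$LOG_PATTERN"
```

Only 10.0.0.5 crosses the threshold: 192.168.1.20 hit port 80 twice, which is ordinary traffic, not a scan. The two reported log lines are exactly the kernel packet log for the denied host and the portsentry alert; the sshd and cron lines are left alone, which is the point of keeping the keyword list tight.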
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk