Re: [Sheflug] Re: Mail server

[Richard Lowe <nospam [at] richlowe.demon.co.uk>]

* Richard Ibbotson (richard [at] sheflug.co.uk) wrote:
> Richard
> 
> > Oh I know.. and I agree with you.
> > And with the proliferation of DSL, and Cable in the states, It's
> > expected to some degree, that even home users have a reasonable
> > amount of bandwidth, and permanent connections.
> 
> Well, the whole thing seems to be getting a bit out of hand with some 
> home users on DSL who have never heard of something called a 
> firewall.  Bound to cause trouble for everyone else ?
> 
> > But most of the stuff still applies, though maybe in need of
> > tweaking a little.
> 
> Yes
> 
> > It isn't the job of the exchange, or your ISP to filter traffic.
> > And, after reading many arguments, and complaints by users of
> > American ISPs who had port 80 filtered, in an attempt to stop Code
> > Red, many many people, don't want their ISP filtering their
> > traffic.
> 
> Perhaps the people who own the exchange should be more interested in 
> internal firewalls ?  Now that there is more DSL around.  Although, 
> looking at BTs track record on security applied to software it 
> doesn't seem to be all that good.  And .... Telewest ?  Perhaps I 
> shouldn't say anything ?
>

Probably not.. you'll only spark my paranoia, and I really don't want to
spend another weekend rewriting iptables rules :)

> > The general fact is, most of the scans to your system, are script
> > kiddies with very little knowledge of what they are doing, scanning
> > subnets for systems that their scripts will exploit, there's not
> > real motivation to attack *your* machine, just any machine they
> > can.
> 
> Well, it might be for you but not for me.  My own logs look like a 
> Hans Cristien Anderson fairy tale.  </being polite and not using 
> unpleasant words>
>

They used to be, quite varied, when I used btinternet (other btinternet
users scanning), now I've moved to demon and it's.. hmmmm.

It isn't as common, but I've been flooded with ping, (and for some
strange reason, DNS lookups?) 2 or 3 times now.

But my logs are definitely nicer, apart from several places with a
couple of hundred lines of dropped Ping's, in the space of a few
seconds.

(and then it stops, because I drop ping, and they think they've knocked
me offline, because there's no replies at all) :)

> > Keep up to date with patches, put a decent packet filter between
> > you and them, and do all the other stuff security docs recommend.
> 
> Yes, it should work but I've come across several situations where it 
> didn't.  Kind of .... script kiddie and consultant get together and 
> they form a temporary partnership :)  Seen it happen once or twice.
> 

If they're determined enough, they'll find a way in.
But stop the script kiddies, and you've stopped 99% of what's out there.


[ Richard Lowe - richlowe - richlowe [at] richlowe.demon.co.uk ]
[            http://www.snowman.net/~richlowe/            ]

___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.