[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sheflug] Re: BNC Network Question

To: <shef-lug [at] xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Sheflug] Re: BNC Network Question
From: "Neil R Porter" <xxxxx [at] xxxxxxxxxxxxxx>
Date: Tue, 30 Apr 2002 11:16:06 +0100
Envelope-to: <shef-lug [at] list.sheflug.org.uk>
Importance: Normal
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

Ummm, oops :)  Sorry for being repetitious, but my client is set up to
pop my poor underpowered server in the states every 10mins, and even
that feels like too often.

I've read quite a bit on this security stuff, and the thing that I'd
like to see more of are examples of real cracker results on the poor
home-office user <sits back and awaits deluge of urls>.  The thing is
this.  I run services on my machine; the same machine that also provides
net access to my network.  I've configured up Bastille to only allow
ports that I need to use, and also to treat my ppp and eht0 seperately.
I've been toying with buying either a router or another machine on
Richard's advice (and to be honest his advice does strike me as having a
lot of sense and back-up), but this would be an expense too far if it
doesn't make much difference in real instance.  For example, if I was
port forwarding in order to provide http services from a machine t'other
side of gateway, then surely any problems associated with apache
vulnerabilities would still be there, no?  Please can someone clear this
up for me?

btw, this list is a lovely distraction and source of info for me - long
may it continue!

Neil

> -----Original Message-----
> From: shef-lug-admin [at] list.sheflug.org.uk 
> [mailto:shef-lug-admin [at] list.sheflug.org.uk] On Behalf Of Brian Teeman
> Sent: 30 April 2002 10:53
> To: shef-lug [at] list.sheflug.org.uk
> Subject: Re: [Sheflug] Re: BNC Network Question
> 
> 
> On Tue, 30 Apr 2002, Ian W. Wright wrote:
> 
> > HI,
> > 
> > I'm a bit sceptical about this scanner software. I use it 
> regularly to 
> > check that my machine is supposedly secure and it always 
> says I've got 
> > good security and the machine services either aren't 
> visible or report 
> > that they are 'closed'. However, a web site I chanced on 
> the other day 
> > (can't remember which unfortunately) had an advert for some 
> > firewalling software which presented me with a picture of 
> my 'C' drive 
> > showing all the folders and files!!
> 
> Are you sure that it wasn't a javascript that was being run 
> locally on 
> your machine that was reading the contents of your 
> C drive. This is quite easy to write and would give the 
> impression that 
> the remote computer was reading the contents of your drive.
> 
> Brian
> 
> 
> > I'd love to know how it did it but, even though I looked at 
> the page 
> > source at the time, it didn't give me any clues. The point is, of 
> > course, if they could see that far through my firewall 
> which Shields 
> > Up and Portscan said is secure.......
> > 
> > Best wishes,
> > Ian
> > --
> > 
> > Ian W. Wright
> > Sheffield, UK
> > ----- Original Message -----
> > From: "Craig Andrews" <craig [at] fishbot.org.uk>
> > To: <shef-lug [at] list.sheflug.org.uk>
> > Sent: Tuesday, April 30, 2002 9:15 AM
> > Subject: Re: [Sheflug] Re: BNC Network Question
> > 
> > 
> > > On Tuesday 30 April 2002 01:39, you exclaimed:
> > > > No. You can still run samba on the same IP set thing 
> (subnet), in 
> > > > fact
> > it
> > > > would be a lot of unnecessary work to set it up on a different 
> > > > subnet as you'd have to start giving the machines 2 IP 
> addresses.
> > > >
> > > > All you need is to make sure the router (the box that 
> connects to 
> > > > the
> > > > internet) isn't part of the MS network, ie. it doesn't 
> run the samba
> > > > software.
> > >
> > > You can get Samba to run on the same machine with a 
> little care. For 
> > > instance, you can configure it to only use one interface, 
> so you can 
> > > tell
> > it
> > > to totally ignore the dialup interface.
> > >
> > > Also, make sure that all requests on ports 137, 138 and 139 are 
> > > DENIED or REJECTED from the dialup interface, and you 
> should be set. 
> > > Get a friend
> > with
> > > a port scanner to check your machine, or use the shields 
> up tool on 
> > > www.grc.com to test if Samba is accessible from the outside world.
> > >
> > > HTH
> > >
> > > Craig 
> > > 
> ___________________________________________________________________
> > >
> > > Sheffield Linux User's Group - 
> http://www.sheflug.co.uk/mailfaq.html
> > >
> > >   GNU the 
> choice of a complete generation.
> > >
> > 
> > ___________________________________________________________________
> > 
> > Sheffield Linux User's Group - http://www.sheflug.co.uk/mailfaq.html
> > 
> >   GNU the choice of a complete generation.
> > 
> 
> ___________________________________________________________________
> 
> Sheffield Linux User's Group - http://www.sheflug.co.uk/mailfaq.html
> 
>   GNU the choice of a complete generation.
> 


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- Re: [Sheflug] Re: BNC Network Question
  - From: Brian Teeman

Prev by Date: RE: [Sheflug] Re: BNC Network Question
Next by Date: Re: [Sheflug] Re: BNC Network Question
Previous by thread: Re: [Sheflug] Re: BNC Network Question
Next by thread: Re: [Sheflug] Re: BNC Network Question
Index(es):
- Date
- Thread