Subject: Re: Question on ipchains and /etc/host.deny
From: PARKIN, MICHAEL (PBI) (mparkinPBI.NET)
Date: Mon Jun 19 2000 - 13:07:35 CDT


As I'm sure will be mentioned, putting ALL:PARANOID (Or ALL:ALL, with a
specific opening for your ISP) will completely block only the services
covered by the daemon. It won't, for example, prevent connections to lICQ
or an ircd if you run one.

ipchains can reject, or simply drop, anything you tell it to - and quite a
bit more. I have a fairly simple rule set running on mine that permits
access to the services I run and all outbound traffic. It also denies
access to a wide range of ports (inetd never wakes up, since the packets
don't get that far) and logs attempts to connect to high ports, such as
27374, 31337, 12345, etc.

You'd be amazed how many script kiddies will try over, and over, and over,
again to connect to a non-existent Sub7Server...

Mike
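A rule set in the spirit of what Mike describes, added here as an illustration and not his actual configuration: the input chain defaults to DENY, accepts only SMTP and replies to traffic the host itself initiated, and logs (rather than silently drops) SYNs to the trojan ports he names. The interface name and address are assumed placeholders.

```shell
#!/bin/sh
# Constructed ipchains policy for a single-homed Linux 2.2 host that only
# runs an SMTP daemon. Assumed: external interface eth0 with address
# 192.0.2.10 (documentation range); both are placeholders.
# "! -y" matches TCP packets that are not a bare SYN, i.e. replies to
# connections this host opened; a fresh SYN to any port other than 25
# falls through to the chain policy and is dropped without a log line,
# except for the ports listed below, which are denied with -l so that
# repeated probes show up in syslog.
EXT_IF=eth0
EXT_IP=192.0.2.10
# Ports Mike mentions as favourite script-kiddie probes (Sub7, BO, NetBus).
LOGGED_PORTS="27374 31337 12345"

# Emit the rules as text so they can be reviewed before being applied
# (the input chain is walked in order; the policy catches everything else).
ipchains_rules() {
    cat <<EOF
ipchains -F input
ipchains -P input DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $EXT_IF -s 127.0.0.0/8 -j DENY -l
ipchains -A input -i $EXT_IF -p tcp -d $EXT_IP 25 -j ACCEPT
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -s 0/0 53 -d $EXT_IP 1024:65535 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -s 0/0 0 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -s 0/0 3 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -s 0/0 11 -j ACCEPT
EOF
    for port in $LOGGED_PORTS; do
        echo "ipchains -A input -i $EXT_IF -p tcp -d $EXT_IP $port -j DENY -l"
    done
}

# Number of rules that log to syslog: the loopback-spoof rule plus one
# per probed port. Handy as a sanity check before loading the set.
logged_rule_count() {
    ipchains_rules | grep -c -- '-j DENY -l$'
}

if [ "${1:-}" = "apply" ]; then
    ipchains_rules | sh     # must run as root on the ipchains host
else
    ipchains_rules          # default: just print the rules for review
fi
```

Run with no arguments to review the generated rules; pass `apply` as root on the firewall host to load them.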

-----Original Message-----
From: Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM] On Behalf Of Manuel Arriaga
Sent: Monday, June 19, 2000 4:08 AM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: Question on ipchains and /etc/host.deny

Hi everyone,

After finding out that this list is "alive" :-), I decided that I might just as well try to hear some opinions on an issue that seems very confusing to me:

I am a "regular" home user with a cable connection; the only service that I need to run is an SMTP daemon, and I chose Postfix for that. I am informed of the latest patches, and have applied them. I browse the web, retrieve/send email and occasionally download files via FTP.

I don't need any other services; HTTP, FTP, POP3, IMAP, etc., and all the "small" ones (ping, time, netstat, etc.) are all disabled.

So, I guess that this sums up to the fact that my machine shouldn't accept *any* kind of connection from any other machine, right? (The SMTP server is there for me to send my email to my cable company's SMTP server, not to provide email services to anyone else.)

So why isn't putting

ALL:PARANOID

in /etc/hosts.deny enough? Do I need to run an ipchains firewall to block *all* incoming connections, when I can tell my machine to refuse them by adding that line to my /etc/hosts.deny?

I am sure I am wrong on this, so please correct me! :-)

Cheers and thanks for any tip,

Manuel