Re: stupid ?!? question : how secure is...

To: Peter Schnebel <debian@babylon-systems.de>
Cc: debian-security@lists.debian.org
Subject: Re: stupid ?!? question : how secure is...
From: Nathan Dabney <smurf@osdlab.org>
Date: Wed, 28 Feb 2001 22:52:43 -0800
Message-id: <[🔎] 20010228225243.B6513@osdlab.org>
In-reply-to: <01030101214900.00467@indianer>; from debian@babylon-systems.de on Thu, Mar 01, 2001 at 01:21:49AM +0100
References: <01030101214900.00467@indianer>

I suggest using ipchains/iptables to block any other input to the machine itself (except for of course for the port you want forwarded.)

Remember, attacks can still get to the web server that the packets are getting forwarded to.  (granted, via cgi cuts down on allot of the standard hack-in-the-box tools.)

-Nathan

On Thu, Mar 01, 2001 at 01:21:49AM +0100, Peter Schnebel wrote:
> having a router with no services running on it...
> using the "standard" masquerading that comes in the debian networking skript 
> ( the "rusty" three-liner ) and forwarding port 80 to the internal network...
> 
> i wonder if i should start dealing with proxies or firewalls ( with ipchains 
> policies ) and stuff... is this recommended... and then ( apart from an 
> attack from the internal network e.g. a trojan or from misconfiguring apache 
> (where port 80 is forwarded to) ) how could anyone gain access to our local 
> network ??
> i just can't imagine how that could work ??
> 
> i would be thankfull for any hints or sources where i can find more info's...
> 
> thx peter
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>

Reply to:

Prev by Date: Re: Wrong DNS configuration. Which?
Next by Date: SSH with potato, not very secure?
Previous by thread: Re: Wrong DNS configuration. Which?
Next by thread: SSH with potato, not very secure?
Index(es):
- Date
- Thread