Re: kernel security?
it will probably be best to convince this ISP to set up his routers
properly. Among many filters he should have, make SURE has has at least
these few:
Do not accept packets from OUTSIDE his network DESINTED to HIS network
with HIS network range. Ie. Nothing should be coming in to his network on
his wan link, from within his network.
Dont allow any packets OUT the network unless it is addressed from WITHIN
his network.
You can also block certain ranges, that should not be in use. 10.* 192.*,
others.
On Mon, 7 Dec 1998, Chris Evans wrote:
-| I am just shipping off a machine to go into an ISP to act as an
-| SMTP, POP3, IMAP, list (superlist), WWW (apacheSSL), ftp and
-| possibly IRC server. Load won't be high but I'd like to minimise
-| risks of this leaf positioned machine being used for spoofing and
-| forwarding. I _think_ I'm getting my head around how to use
-| sendmail.cf to prevent SMTP forwarding while still allowing proper
-| list functioning.
-|
-| I think there are configuration options allowing IP forwarding that I
-| should turn off in the kernel. Am I right? Anyone point me to the
-| right info.?
-|
-| TIA,
-|
-|
-| Chris
-|
-|
-|
-| --
-| To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
-| with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
-|
-|
_ __ _____ __ _________
______________ /_______ ___ ____ /______ John Gonzalez/Net.Tech
__ __ \ __ \ __/_ __ `__ \/ __ /_ ___/ MDC Computers/netMDC!
_ / / / `__/ /_ / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/ \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
5:35pm up 56 days, 21:04, 5 users, load average: 0.06, 0.05, 0.02
Reply to: