Re: port scare
Just a quick note to thank everyone for the input on this matter. It has
*all* been very instructive - forced me to learn (or take another look
at) how the system starts and *what* it starts, and so on.
:-)
Glenn Becker
Online Producer, Community
SCIFI.COM
At 12:06pm on Sun, 18 Feb 2001, Osamu Aoki wrote:
> Use ipchains ASAP.
>
> Going after all services are impossible when experimenting
> unless you use this approach.
>
> I block all ports 1-1023 except ones I use for my connection to
> cable modem by using ipchains on gateway machine. (See atached
> script for details. This is "ipmasq -l" output. You can get
> my script to harden ipmasq package from
> www.aokiconsulting.com/pub/ipmasq-fw.tar.gz
> It may require some manual editting but should give you good start.)
> ---------------
> FYI: My log has many unsuccessful atacks (excet known portscan on
> NNTP by ISP), 21 ftp 111 sunrpc 53 nameserver (DNS) 510 ???
> 515 line printer spooler 109 POP version 2 are recent atttacks.
>
> I used to get netbios (137-139) connections but not recently.
> Maybe ISP is blocking them for windoze clients???
>
> You will be surprized how many of these comes in.
>
> Osamu
>
> PS: I allow telnet. Do not laugh pls.
>
> On Sun, Feb 18, 2001 at 02:00:47PM -0500, Glenn Becker wrote:
> > solutions later, like ipchains/firewalls.
> --
> + Osamu Aoki <debian@aokiconsulting.com>, GnuPG-key: 1024D/D5DE453D +
> + Fingerprint: 814E BD64 3288 40E7 E88E 3D92 C3F8 EA94 D5DE 453D +
> + === http://www.aokiconsulting.com ======= Cupertino, CA USA === +
>
>
Reply to: