RE: How to tell if a Linux machine is a zombie?

To: "'Roberto C. Sanchez'" <sanchezr@ieee.org>, <debian-user@lists.debian.org>
Subject: RE: How to tell if a Linux machine is a zombie?
From: "James Stevenson" <james@stev.org>
Date: Mon, 8 Jan 2007 23:54:15 -0000
Message-id: <[🔎] 040301c73380$50ca3c90$0500ac0a@slider>
In-reply-to: <[🔎] 20070108234758.GD30253@miami.connexer.com>

> > > useful in this environment?
> > Many folks like that one. I use shorewall. You can always block outgoing
> > ports that you dont use. If you dont run an ftp server, block port 20
> > and 21, etc.
> >
> That is why I really like the "default deny" mentality.  Start by
> blocking all incoming and outgoing new connections.  Allow only incoming
> connections for services that you know you are running.  Allow only
> outbound connections for things you know you want to do.  If you only
> browse the web and use ssh, then only allow those ports.  Many badware
> applications use port 80 or port 443, since those are very rarely
> blocked.  For bonus points, block those and setup and authenticating
> proxy.

The default deny policy can also open up a security hole on its own.
Be aware that the default rate limited reject policy can be better.

Even for blocking 80 / 443 this is why some places use proxy's cause you
block everything else but allow the proxy. It can be even more secure to use
a transparent proxy because something on port 80 is forced to talk http
instead of another protocol.

Reply to:

Follow-Ups:
- RE: How to tell if a Linux machine is a zombie?
  - From: Paul Johnson <baloo@ursine.ca>

References:
- Re: How to tell if a Linux machine is a zombie?
  - From: "Roberto C. Sanchez" <sanchezr@ieee.org>

Prev by Date: Re: set up Etch to unicode
Next by Date: Re: netfilter, iptable ...
Previous by thread: Re: How to tell if a Linux machine is a zombie?
Next by thread: RE: How to tell if a Linux machine is a zombie?
Index(es):
- Date
- Thread