RE: How to tell if a Linux machine is a zombie?
> > > useful in this environment?
> > Many folks like that one. I use shorewall. You can always block outgoing
> > ports that you don't use. If you don't run an ftp server, block port 20
> > and 21, etc.
> >
> That is why I really like the "default deny" mentality. Start by
> blocking all incoming and outgoing new connections. Allow only incoming
> connections for services that you know you are running. Allow only
> outbound connections for things you know you want to do. If you only
> browse the web and use ssh, then only allow those ports. Many badware
> applications use port 80 or port 443, since those are very rarely
> blocked. For bonus points, block those and set up an authenticating
> proxy.
The default deny policy can also open up a security hole on its own.
Be aware that the default rate limited reject policy can be better.
Even for blocking 80 / 443 this is why some places use proxies, because you
block everything else but allow the proxy. It can be even more secure to use
a transparent proxy because something on port 80 is forced to talk http
instead of another protocol.
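As an added example (not from any poster in this thread), here is what the "default deny" policy discussed above, with the rate-limited reject instead of a silent drop, looks like as an nftables ruleset. It assumes a workstation whose only local service is sshd and whose only expected outbound traffic is DNS, ssh, http and https; the logged reject of everything else leaving the box is the signal that helps answer the original "is it a zombie?" question.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed host: workstation running only
# sshd, allowed outbound DNS, ssh, http and https. Adjust the port sets.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and already-established flows are always fine.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Inbound: only services we know we run (sshd here).
        tcp dport 22 ct state new accept

        # Keep ICMP errors and path MTU discovery working.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Everything else: log, then reject at a bounded rate so honest
        # clients fail fast but a flood cannot turn us into a reject-packet
        # amplifier. Whatever exceeds the limit falls through to drop.
        limit rate 10/second burst 20 packets log prefix "in-reject: " reject with icmpx type admin-prohibited
        drop
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oif "lo" accept
        ct state established,related accept

        # Outbound: only what this host is expected to do (DNS is an
        # assumption needed for web browsing to work at all).
        udp dport 53 accept
        tcp dport 53 accept
        tcp dport { 22, 80, 443 } ct state new accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Any other outbound connection attempt is exactly what a compromised
        # box produces: log it for review, then reject at a bounded rate.
        limit rate 10/second burst 20 packets log prefix "out-reject: " reject with icmpx type admin-prohibited
        drop
    }
}
```

Load with `nft -f` and watch the kernel log for `out-reject:` entries; a clean workstation should produce almost none, so any steady stream from a local process is worth investigating.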