Chris W wrote:
>
> I think it was mentioned here on the list a while back something to
> the effect of tcp_wrappers not being as secure as blocking with
> ipchains... is that the general consensus? I'm using tcp_wrappers to
> block telnet from the outside to my home machine. I tried setting up
> ipchains to do it with:
>
> /sbin/ipchains -I input 1 -p tcp -s 0.0.0.0/0 -d
> cxxxxx-a.clmba1.mo.home.com 23 -l -j DENY
>
> An incoming telnet session will "hang" with repeated attempts to
> connect. Also tried REJECT on the ipchains command. What's more
> desirable? Is that ipchains command correct?

If it works for its intended purpose without breaking anything else,
it's probably correct. The difference between DENY and REJECT is that
REJECT will generate a response about the connection being unavailable,
and DENY will silently discard all packets. So it's better to use REJECT
for outbound traffic for easier problem resolution, and use DENY for
incoming traffic to make crackers waste their time expecting a response
from your machine that will never come.
See http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html
-- MK
<< Terra es et in terram ibis >>
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
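
An added example, not part of the original thread: a small Python check for confirming from a client which behaviour a filter rule produces. A REJECT-style rule shows up as an immediate refusal, a DENY-style rule as a connect that times out (the "hang" described in the question). The names `classify` and `probe` are hypothetical, and the errno mapping is an assumption about what a Linux client reports.

```python
import errno
import socket

# errno values a client sees when something actively answers "no":
# a TCP RST from a closed port, or an ICMP unreachable message such as
# the one a REJECT rule generates (assumed mapping for Linux clients).
ACTIVE_REFUSAL = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map a connect() outcome to 'open', 'rejected', 'dropped' or 'error'."""
    if exc is None:
        return "open"                     # handshake completed
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "dropped"                  # no answer at all: DENY-like
    if isinstance(exc, OSError) and exc.errno in ACTIVE_REFUSAL:
        return "rejected"                 # explicit refusal: REJECT-like
    return "error"                        # DNS failure, local error, etc.


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify how the far end responded."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()


if __name__ == "__main__":
    # Constructed demo on loopback: a listener, then the same port closed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening port:", probe("127.0.0.1", port))
    srv.close()
    print("closed port:   ", probe("127.0.0.1", port))
```

Run against your own machine from an outside host, "dropped" on port 23 means the DENY rule is in effect, and "rejected" means either a REJECT rule or simply no telnet daemon listening.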