MLUG: RE: Specific question about: [MLUG - DISCUSSION] network scanning?
Be paranoid and use both. TCP wrappers only protects inetd services you've
told to use them and other services compiled with tcp wrapper
support.

Using REJECT is usually best for internal traffic and DENY for traffic
from the Net I think. By default I DENY all incoming packets and only
allow in those I deem okay. This way you won't forget anything. My IPchain
rules would probably work for you if you want to try it. I don't do any
network gaming though so you might have to adjust a lil for such things.

Remember that if you're using a cable modem you should never use telnet,
ftp, or any unencrypted protocol either in or out to connect to anything
you want to keep safe and private. Really you shouldn't use any of those
protocols across any unsecured section of network.

*^*^*^*
Michael McGlothlin <EMAIL:PROTECTED>
http://www.kavlon.com

On Mon, 2 Apr 2001, Chris W wrote:

> I think it was mentioned here on the list a while back something to 
> the effect of tcp_wrappers not being as secure as blocking with 
> ipchains... is that the general consensus?  I'm using tcp_wrappers to 
> block telnet from the outside to my home machine.  I tried setting up 
> ipchains to do it with:
> 
> /sbin/ipchains -I input 1 -p tcp -s 0.0.0.0/0 -d cxxxxx-a.clmba1.mo.home.com 23 -l -j DENY
> 
> An incoming telnet session will "hang" with repeated attempts to 
> connect.  Also tried REJECT on the ipchains command.  What's more 
> desirable?  Is that ipchains command correct?
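
A default-deny input chain along the lines discussed in this thread, as an added example that is not a rule set posted to the list by either participant. The interface names, LAN range, resolver address and the ssh rule are assumptions; telnet is REJECTed from the LAN and logged and DENYed from the outside.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): default-deny input chain
# for ipchains on a Linux 2.2 box. Assumed layout: eth0 = cable modem,
# eth1 = internal LAN; DNS_SRV is a placeholder resolver address.
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
INT_NET="${INT_NET:-192.168.1.0/24}"
DNS_SRV="${DNS_SRV:-192.0.2.53}"
ANY="0.0.0.0/0"

# Print the rules in evaluation order, one ipchains argument list per line.
#  1. Policy DENY first, so nothing is open while the chain is rebuilt.
#  2. Flush old rules, then allow loopback.
#  3. "! -y" accepts TCP packets that are not connection-opening SYNs, i.e.
#     replies to connections this host started (ipchains keeps no state).
#  4. DNS replies from the resolver, and ICMP unreachable errors.
#  5. ssh from the LAN only (assumed replacement for telnet).
#  6. Telnet from the LAN: REJECT, so local clients fail at once.
#  7. Telnet from the Net: the policy would drop it anyway; this rule exists
#     only for "-l", which logs each attempt before the silent DENY.
fw_rules() {
    cat <<EOF
-P input DENY
-F input
-A input -i lo -j ACCEPT
-A input -p tcp ! -y -j ACCEPT
-A input -p udp -s $DNS_SRV 53 -j ACCEPT
-A input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A input -i $INT_IF -p tcp -s $INT_NET -d $ANY 22 -j ACCEPT
-A input -i $INT_IF -p tcp -s $INT_NET -d $ANY 23 -j REJECT
-A input -i $EXT_IF -p tcp -s $ANY -d $ANY 23 -l -j DENY
EOF
}

# Run each rule through ipchains; with DRYRUN set, only print the commands.
fw_apply() {
    fw_rules | while read -r args; do
        if [ -n "${DRYRUN:-}" ]; then
            echo "$IPCHAINS $args"
        else
            $IPCHAINS $args || return 1   # $args unquoted on purpose: word split
        fi
    done
}

# Nothing touches the firewall unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then fw_apply; fi
```

Calling the script with `apply` runs the commands as root; setting `DRYRUN=1` as well prints them instead, which is the safer way to review the order before loading it.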
