MLUG: RE: Specific question about: [MLUG - DISCUSSION] network scanning?
I learned my lesson about telnet and ftp some long time ago after 
getting a work box hit by a script kiddie.  I've been only allowing 
ftp and telnet on my home network, but have never liked it b/c inetd 
(this is RH 6.2) can't allow them to bind to only certain 
interfaces.  Thus, I get logs all day from tcp_wrappers.  Does xinetd 
fix all that with its better config options?

DENY vs. REJECT.  When I enabled this ipchains rule for DENY FTP, an 
incoming session caused 12 log entries over 13 minutes, before timing 
out.  AND I *still* got a log entry for tcp_wrappers, which I take to 
mean that the ipchains rule allowed it on to the wrappers level.  I 
changed the rule to block at the SYN level (-y), not reject or deny.  
This caused an incoming connection to quit right away.  IPchains and 
wrappers both logged it.

I will study up on this stuff, as I'd like to just have strong 
ipchains blocking and logging the probes to my system.  Yeah, Michael, 
if you wouldn't mind sending me off-list your ipchains ruleset for 
comparison, that'd be cool.  I'm taking the advice and just turning 
off telnet/ftp totally.

Thanks!
Chris

Quoting Michael <EMAIL:PROTECTED>:

> Be paranoid and use both. TCP wrappers only protects inetd services
> you've told to use them and other services compiled with tcp wrapper
> support.
> 
> Using REJECT is usually best for internal traffic and DENY for traffic
> from the Net I think. By default I DENY all incoming packets and only
> allow in those I deem okay. This way you won't forget anything. My
> IPchain rules would probably work for you if you want to try it. I
> don't do any network gaming though so you might have to adjust a lil
> for such things.
> 
> Remember that if you're using a cable modem you should never use
> telnet, ftp, or any unencrypted protocol either in or out to connect
> to anything you want to keep safe and private. Really you shouldn't
> use any of those protocols across any unsecured section of network.
> 
> *^*^*^*
> Michael McGlothlin <EMAIL:PROTECTED>
> http://www.kavlon.com
> 

> > /sbin/ipchains -I input 1 -p tcp -s 0.0.0.0/0 -d cxxxxx-a.clmba1.mo.home.com 23 -l -j DENY
> > 
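
A log summarizer for the situation described in the message above, where one blocked FTP attempt produced many log entries; this is an added example, not part of the original post or anyone's ruleset. The sample lines are constructed in the kernel "Packet log:" layout that `ipchains -l` writes, and the function name, host name, addresses and year are assumptions.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: kernel "Packet log:" lines in the layout ipchains -l logs,
# plus one tcp_wrappers line. Addresses are documentation ranges, not the poster's.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:40112 192.0.2.10:21 L=60 S=0x00 I=4711 F=0x4000 T=52 SYN (#1)
Mar  3 10:00:04 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:40112 192.0.2.10:21 L=60 S=0x00 I=4712 F=0x4000 T=52 SYN (#1)
Mar  3 10:00:10 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:40112 192.0.2.10:21 L=60 S=0x00 I=4713 F=0x4000 T=52 SYN (#1)
Mar  3 10:00:22 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:40112 192.0.2.10:21 L=60 S=0x00 I=4714 F=0x4000 T=52 SYN (#1)
Mar  3 10:00:30 gw in.telnetd[812]: refused connect from 203.0.113.9
Mar  3 10:05:00 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:1055 192.0.2.10:23 L=60 S=0x00 I=99 F=0x4000 T=50 SYN (#2)
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: (?P<chain>\S+) "
    r"(?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<rest>.*)$")

def summarize(log_text, year=2000):
    """Collapse repeated packet-log entries into one record per connection attempt.

    A silently dropped SYN is retransmitted by the client with the same source
    port, so (src, sport, dst, dport, target) identifies one attempt.
    The year is an assumption: syslog timestamps do not carry one.
    """
    attempts = OrderedDict()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ipchains packet log line (e.g. tcp_wrappers)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["target"])
        a = attempts.setdefault(key, {"first": when, "last": when, "packets": 0, "syn": 0})
        a["last"] = when
        a["packets"] += 1
        a["syn"] += int("SYN" in m["rest"].split())
    return [{"src": k[0], "dst_port": k[3], "target": k[4],
             "packets": a["packets"], "syn": a["syn"],
             "seconds": int((a["last"] - a["first"]).total_seconds())}
            for k, a in attempts.items()]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
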