What is the best way to protect specific daemons (inet and standalone like proftpd and apache) from intrusion attempts? I am not that familiar with Linux firewalling rules yet and am in the process of obtaining a comprehensive administrator's study guide. I presently have hosts.deny with lines to block outside attacks to telnet, etc. but they don't seem to work. The lines read:
ALL: PARANOID ALL: .dial.domain1.com ALL: .dialup.domain2.net sshd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3. in.fingerd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3. in.telnetd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3. portmap: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3. Two of the hosts omitted ip.block.2. and ip.block.3. in the hosts.deny file. This configuration successfully repels attempts from the specified domains, but it doesn't seem to work for the specific daemons like telnet. My tests were using our own servers from one in ip.block.2. to one that does not have the last two blocks included in the telnet line. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
