On Wed, 2005-08-03 at 23:37 +0200, Ryan Viljoen wrote:
> Joseph could you direct me toward a how-to on how to set that up, please.

I use the freesco firewall, and they have a small package (add-on) called knock. You can install it on a floppy; see my howto:
http://forums.freesco.org/support/index.php?showtopic=13731
but eventually I moved it to HD (as I had too many problems with 1.68Mb floppies).

My intention was to use this setup to print to a remote printer location over SSH, and it works like a charm. The knock daemon runs on the firewall (that is the best setup) and listens for a specific knock sequence. You can open any port this way.

If you have a Gentoo based firewall, knock is in portage, but your machine must have more muscle to run Gentoo; Freesco will run on any "door-stopper" starting from a 486.

--
#Joseph

> Raphael have you gone through
> http://www.gentoo.org/doc/en/security/index.xml it has some good
> points and worth going through and ticking off each one.
>
> Cheers
> Rav
>
> On 8/3/05, Joseph <[EMAIL PROTECTED]> wrote:
> > On Tue, 2005-08-02 at 23:50 +0000, Raphael Melo de Oliveira Bastos Sales
> > wrote:
> > > Hi there,
> > >
> > > I was wondering what tools should I use to detect security flaws to
> > > my server and a few tips on how to use them. What are the most common
> > > forms of attack and how do I avoid being attacked by one of them?
> > >
> > > The services available are only Apache - SSL and SSH. I've
> > > installed a firewall, iptables and firestarter to control it, and
> > > blocked all ports except 443 and 8080, where the SSH is listening.
> > > Apache has PHP installed as a module.
> > >
> > > Thanks for the attention,
> > >
> > > Raphael.
> >
> > I have port knocking installed on the firewall, to further protect against any SSH
> > attacks.
> > So port 22 is closed (in stealth mode) and only opens if it received the
> > right knock sequence; moreover, it is only opened to the IP address from
> > which it received a successful knock sequence; all others see this port as
> > closed (in stealth mode).
> >
> > --
> > #Joseph

--
gentoo-user@gentoo.org mailing list
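
The per-source behaviour described in the thread above (port 22 closed to everyone until the right knock sequence arrives, then opened only to the knocking IP), modelled as an added example that is not part of the thread and not the knock package's own code. The knock sequence, the timeout and the addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence (constructed)
SEQ_TIMEOUT = 10.0                   # assumed: seconds allowed to finish it
PROTECTED_PORT = 22                  # the SSH port from the thread

@dataclass
class KnockTracker:
    progress: dict = field(default_factory=dict)  # src_ip -> (next index, start time)
    allowed: set = field(default_factory=set)     # sources the port is open to

    def observe(self, ts, src_ip, dst_port):
        """Feed one inbound connection attempt seen by the firewall."""
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx and ts - started > SEQ_TIMEOUT:
            idx, started = 0, ts                  # too slow: start over
        if dst_port == KNOCK_SEQUENCE[idx]:
            idx += 1
            if idx == len(KNOCK_SEQUENCE):
                self.allowed.add(src_ip)          # open for this source only
                self.progress.pop(src_ip, None)
            else:
                self.progress[src_ip] = (idx, started)
        elif dst_port == KNOCK_SEQUENCE[0]:
            self.progress[src_ip] = (1, ts)       # wrong knock that restarts the sequence
        else:
            self.progress.pop(src_ip, None)       # wrong knock: forget progress

    def verdict(self, src_ip, dst_port):
        """Decision for the knock-protected port; everything else is dropped here."""
        ok = dst_port == PROTECTED_PORT and src_ip in self.allowed
        return "ACCEPT" if ok else "DROP"

# Constructed events: (seconds, source IP, destination port)
EVENTS = [
    (0.0, "198.51.100.7", 7000), (0.5, "203.0.113.9", 22),
    (1.0, "198.51.100.7", 8000), (1.2, "203.0.113.9", 7000),
    (1.4, "203.0.113.9", 9000),   # out of order: progress reset
    (2.0, "198.51.100.7", 9000),  # sequence complete
    (3.0, "192.0.2.33", 7000), (4.0, "192.0.2.33", 8000),
    (30.0, "192.0.2.33", 9000),   # right order, but past the timeout
]

def replay(events):
    """Run the constructed events through a fresh tracker and return it."""
    tracker = KnockTracker()
    for ts, ip, port in events:
        tracker.observe(ts, ip, port)
    return tracker
```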