On Friday, 23 February 2007 3:15, Michael Sullivan wrote: > I have logsentry installed on my system which sends me hourly reports > about possible hack attempts on my three boxes. I use ipkungfu for my > firewall. I've stuck with the default configuration for ipkungfu, > except for listing each of my machines in my LAN in the > accepted_hosts.conf file. I also set ipkungfu to drop all offensive > packets (not sure if that's the default or not.) Whenever I see someone > trying the break in in the logsentry reports, I add their IP to the > deny_hosts.conf file and restart ipkungfu so that the changes will take > effect. I'm wondering why if these offending IPs in deny_hosts.conf are > being stopped at the firewall I'm still seeing them fail to authenticate > to my FTP and ssh servers?
If you think you've setup your firewall to block these IPs and yet they are still able to access your machines, then it sounds like your firewall is misconfigured and isn't blocking the IPs. > Also, I've always heard that you shouldn't > have any ports open on your machine unless you have some server bound to > that port because hackers can get in through unbound open ports. Is > this true? I've never heard of this. All ports that you don't want accessible from the internet should be completely blocked by your firewall if you have it correctly configured. > If so, how does it work? What do they connect to if > nothing's running on the port they're trying? I know the concept of a > backdoor in a running program, but if no program is running on said port > for them to connect to, how do they get in??? They connect to nothing, they shouldn't be able to establish a connection. > -Michael Sullivan- -- Raymond Lewis Rebbeck -- gentoo-user@gentoo.org mailing list
