On Sat, Aug 04, 2001 at 12:57:23PM -0500, Alan Jackson wrote:
...
>One does have to be a little careful about making assumptions, however. My
>brother-in-law has a Hughes satellite connection, and he was unable to 
>get past the security at 2 different websites, because his outbound
>packets were coming down the phone line and his incoming packets were
>taking a completely different route, from the satellite. I couldn't
>renew my prescription over the web when we visited with them because of this.
>Merck was very responsive when I complained, however.

That shouldn't make any difference as the packets are going through two
different paths.

We're using Linux boxes with WAN cards for routers, with ipchains rules on
each interface.  We know what all the local subnets are, and only accept
incoming packets with destination addresses in our local subnets,
rejecting anything destined for addresses that aren't on assigned subnets,
and for the network and broadcast addresses of these subnets which avoids
the so-called ``smurf'' DoS attacks.  Likewise we only allow traffic to and
from our customer's routed subnets that have appropriate source and
destination addresses.

Incoming packets with destination addresses that are for any of the
network, broadcast, or unassigned subnets within our valid class C networks
are rejected and logged along with any that are for valid destination
addresses but to ports 137-139 and similar ones that can cause problems.

There has been a major increase in cracking activity since the first of
August.  I just checked our border router, and we've logged over 9,200
rejected packets since midnight, plus another 53,344 in the first three
days of August averaging almost 17,500 per day.  Just for fun, I checked
for the entire month of July, and we only had 50,303 rejections for the
entire month.

Bill
--
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``Democracy Is Mob Rule with Income Taxes''
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
->http://linux.nf/mailman/listinfo/linux-users
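
The border filtering policy described in the message above, modelled as an added Python example (not code from the original post, and not ipchains syntax). The prefixes are constructed documentation addresses standing in for the site's class C networks and assigned subnets, and the function names and verdict strings are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes, not real assignments.
VALID_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ASSIGNED_SUBNETS = [
    ipaddress.ip_network("192.0.2.0/26"),   # local subnet
    ipaddress.ip_network("192.0.2.64/27"),  # customer routed subnet
]
BLOCKED_PORTS = range(137, 140)  # ports 137-139, as named in the message


def classify_inbound(dst, dport=None):
    """Return (verdict, reason) for a packet arriving on the outside interface."""
    addr = ipaddress.ip_address(dst)
    if not any(addr in net for net in VALID_NETWORKS):
        return ("REJECT", "destination-not-ours")
    subnet = next((s for s in ASSIGNED_SUBNETS if addr in s), None)
    if subnet is None:
        return ("REJECT+LOG", "unassigned-subnet")
    # Directed traffic to network/broadcast addresses is what smurf amplification uses.
    if addr == subnet.network_address:
        return ("REJECT+LOG", "network-address")
    if addr == subnet.broadcast_address:
        return ("REJECT+LOG", "broadcast-address")
    if dport is not None and dport in BLOCKED_PORTS:
        return ("REJECT+LOG", "blocked-port")
    return ("ACCEPT", "ok")


def source_allowed_from_customer(src, customer_subnet):
    """Traffic entering from a customer link must carry a source inside that subnet."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(customer_subnet)


def tally_rejections(packets):
    """Count logged rejections per reason, like the daily totals quoted above."""
    counts = {}
    for dst, dport in packets:
        verdict, reason = classify_inbound(dst, dport)
        if verdict == "REJECT+LOG":
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed packets: (destination address, destination port)
    sample = [("192.0.2.10", 80), ("192.0.2.63", None), ("192.0.2.200", 25),
              ("192.0.2.70", 139), ("192.0.2.64", None)]
    print(tally_rejections(sample))
```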
