I did not see this come thru and since I took the time to write I dug it out of my sent folder and it here it is.
BTW my maillog shows it was sent ok to mx1.redhat.com at 9:52. Oh well. Bret On Thu, 2002-10-17 at 09:47, Bret Hughes wrote: > On Thu, 2002-10-17 at 06:42, linux power wrote: > > > > Well. The problem is that they have attemped to do so several times. > > And its not done by a school child. My iptables firewall is to good for that. > > I have to say something here. With this attitude you will probably get > nailed again. You have been given some very sound advice from some very > experienced users but in spite of that you sem to think that an iptables > firewall should be enough. I submit that be definition it is not or we > would not be having this conversation. > > I was hacked on my home firewall a couple of years ago because I had an > old version of sendmail running. I did not even know it was running. so > I did not bother to update it. > > I am a firm believer in dedicated firewall machines as you mentioned. > The one at my house is a P90 IBM box I got off ebay a couple of years > ago for < $90 shipping included. > > I now run tripwire, portsentry and have logcheck send me emails from the > 5 firewalls I currently maintain and can tell you that each of these > boxes get banged on daily on numerous ports. I subscribe to several > security lists so hopefully I become aware of exploits early and can > take corrective action. I not only disable but rpm -e anything that I > think I can get along without. I only run ssh with protocol 2, dsa key > required ad no root login. Certainly no email, ftp, X, chat server or > any of that sort of stuff. > > There is probably more I could do and will as I continue to learn about > this morass called computer security. Really wading into this stuff is > a great way to learn about the internals of the os and the various > services and protocols that they run on. > > up2date is a good service as is subscribing to lists like the > redhat-watch, linux-security and a few others I cant think of right now. > > In case you missed the point, good security is multi-layered. There are > a number of good security howtos out there I suggest you read a few. > > An old mentor of mine told me on several occations that if you keep > hearing the same thing from different sources you should probably pay > attention. Sound advice IMNSHO. > > > HTH > > Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
