RE: securing SSH, FBSD systems

2005-06-03 Thread Francisco Reyes
On Fri, 3 Jun 2005, fbsd_user wrote: I am running the ipfilter firewall and I ran a test to see who gets access to the packet first (i.e. firewall or route command). Normally I have inbound FTP port 21 denied in my firewall. I changed that rule to allow and log so I could see all the packets flow

Re: securing SSH, FBSD systems

2005-05-24 Thread Alex Zbyslaw
Francisco Reyes wrote: I found it got too messy to read firewall rules when I had blackholing there too. Also the feedback I got was that firewall rule was a flat list, while the route system used some type of tree. This is true if you use one rule per blocked address, but not true, I

Re: securing SSH, FBSD systems

2005-05-23 Thread Tony Shadwick
Is there an effective way to manage that list? I mean, it seems to me that you'd be adding mass routes to /etc/rc.conf. How are you going about this? Otherwise, it sounds like very good advice. Of course, I tend to manage a hardware firewall in front of any of my machines, so the

RE: securing SSH, FBSD systems

2005-05-23 Thread fbsd_user
2- Every time I see script kiddies I black hole their IPs. I black hole them not only because of ssh, but because, just as they tried to attack ssh, the same IPs may try other attacks. I try and stay up to date in patches, but it cannot hurt to block known compromised/hacker machines. The IPs can

Re: securing SSH, FBSD systems

2005-05-23 Thread Francisco Reyes
On Mon, 23 May 2005, Tony Shadwick wrote: Is there an effective way to manage that list? I mean, it seems to me that you'd be adding mass routes to /etc/rc.conf. How are you going about this? See http://public.natserv.net/blackholing.tar.bz2 I put a shell script, an awk file and a mini

RE: securing SSH, FBSD systems

2005-05-23 Thread Francisco Reyes
On Mon, 23 May 2005, fbsd_user wrote: These manual routes are stored in memory. Can you tell how much memory is used by your 300+ list? I don't know, but it probably is comparable to what it would take to put them in the firewall rules. Is there some command to display these user added

securing SSH, FBSD systems

2005-05-22 Thread John DeStefano
I have broached this subject before, also searched the archives web for a solution, but no real, clear answer for those who are not already gurus in the subject. I've had light-to-moderate records of attempted SSH break-ins to my system in the past. Over the past week, I have had daily security

Re: securing SSH, FBSD systems

2005-05-22 Thread Rob
John DeStefano wrote: Would someone mind briefly talking about securing FBSD systems from such attacks, at least in a manner that's a bit more extensive and Let sshd also listen on another port and use a firewall. My firewall permits default port 22 connections only from IP the more or less

Re: securing SSH, FBSD systems

2005-05-22 Thread albi
Would someone mind briefly talking about securing FBSD systems from such attacks, at least in a manner that's a bit more extensive and detailed than just saying use Snort? I'm not a newbie to FBSD, but I'm not a *NIX guru either. I'd really appreciate your help. My approach is to use

Re: securing SSH, FBSD systems

2005-05-22 Thread Jerry Bell
These attacks are almost exclusively automated, looking to install a script to launch spam runs from. They're essentially trying common username and weak password combinations - blank password, passwords the same as the user name, abc123, etc. There are four things you can do to improve the

Re: securing SSH, FBSD systems

2005-05-22 Thread Chris
Jerry Bell wrote: These attacks are almost exclusively automated, looking to install a script to launch spam runs from. They're essentially trying common username and weak password combinations - blank password, passwords the same as the user name, abc123, etc. There are four things you can

Re: securing SSH, FBSD systems

2005-05-22 Thread Francisco Reyes
On Sun, 22 May 2005, Chris wrote: 5. (and my favorite) If running IPFW, use something like this if you don't need ssh open to the whole of the internet. Narrow it down to a range of IPs you need. 6. Don't use passwords at all, but use keys. Not always possible though, but possibly one of