Re: blackhole firewall rules

2001-02-17 Thread Thornton Prime
On Sat, 17 Feb 2001, SoloCDM wrote: > > You've never had a cracker break through the ipchains REJECT? It is no more possible than it is for them to break through a rule with DENY. thornton ___ Redhat-list mailing list [EMAIL PROTECTED] https://list

Re: blackhole firewall rules

2001-02-17 Thread SoloCDM
Thornton Prime stated the following: > > On Sat, 17 Feb 2001, SoloCDM wrote: > > Why the story? Ipchains has reject and from all appearances it allows > > the worm, as it so happened long ago, into the system. Deny doesn't > > seem to entertain any thought of accepting anything. In fact, it >

Re: blackhole firewall rules

2001-02-17 Thread SoloCDM
"Mikkel L. Ellertson" stated the following: > > On Sat, 17 Feb 2001, SoloCDM wrote: > > > > It's time to resurrect this discussion! > > > > Long time ago, when I was not up-to-date on security, I had a cracker > > enter a worm into my system without even entering the front door. I > > was fortun

Re: blackhole firewall rules

2001-02-17 Thread Thornton Prime
On Sat, 17 Feb 2001, SoloCDM wrote: > Why the story? Ipchains has reject and from all appearances it allows > the worm, as it so happened long ago, into the system. Deny doesn't > seem to entertain any thought of accepting anything. In fact, it > seems to baffle bad or good systems into not kn

Re: blackhole firewall rules

2001-02-17 Thread Mikkel L. Ellertson
On Sat, 17 Feb 2001, SoloCDM wrote: > > It's time to resurrect this discussion! > > Long time ago, when I was not up-to-date on security, I had a cracker > enter a worm into my system without even entering the front door. I > was fortunate to spot the trouble early, but a worm of that magnitude

Re: blackhole firewall rules

2001-02-17 Thread SoloCDM
Thornton Prime stated the following: > > On Fri, 5 Jan 2001, Roy G. Culley wrote: > > > Thornton Prime <[EMAIL PROTECTED]> wrote: > > > > > I forgot to mention, in general it is better to REJECT than DENY. REJECT > > > responds to the source by telling them that the port is unreachable, > > > wh

Re: blackhole firewall rules

2001-01-06 Thread db
> > move my server over to my cable modem and cancel the DSL. I've noticed that > > @home portscans pretty regularly, so I need to be discreet about my mail > > server. > > they do??? I've been with them since Dec 16 and I don't see any > portscan like things an access_log. It has a webserver o

Re: blackhole firewall rules

2001-01-06 Thread Micah Yoder
> move my server over to my cable modem and cancel the DSL. I've noticed that > @home portscans pretty regularly, so I need to be discreet about my mail > server. they do??? I've been with them since Dec 16 and I don't see any portscan like things an access_log. It has a webserver on it and I

Re: blackhole firewall rules

2001-01-05 Thread Thornton Prime
On Fri, 5 Jan 2001, Roy G. Culley wrote: > Thornton Prime <[EMAIL PROTECTED]> wrote: > > > I forgot to mention, in general it is better to REJECT than DENY. REJECT > > responds to the source by telling them that the port is unreachable, > > whereas deny simply drops the packets entirely. > > > >

Re: blackhole firewall rules

2001-01-05 Thread Roy G. Culley
Thornton Prime <[EMAIL PROTECTED]> wrote: > I forgot to mention, in general it is better to REJECT than DENY. REJECT > responds to the source by telling them that the port is unreachable, > whereas deny simply drops the packets entirely. > > If you are going to block access by protocol and port,

Re: blackhole firewall rules

2001-01-04 Thread Jack Bowling
** Reply to message from "Halcyon" <[EMAIL PROTECTED]> on Thu, 4 Jan 2001 16:05:56 -0800 > > Although such a magnanimous rationale may have been the impetus, the > > bottom line quickly took precedence. The main reason that @home scans is > > to ensure that you are not running servers on their lo

Re: blackhole firewall rules

2001-01-04 Thread Halcyon
> Although such a magnanimous rationale may have been the impetus, the > bottom line quickly took precedence. The main reason that @home scans is > to ensure that you are not running servers on their lower-priced product > packages. In Canada, their packages which allow running client-side > serve

Re: blackhole firewall rules

2001-01-04 Thread Jack Bowling
Bob Glover wrote: > Guys, to keep the breakage to a minimum, just block scans from @homes > corporate network. Use the whois command to find out the ip range. I > think it is 24.0.0.0/16 IIRC. > As I understand it, the reason they scan is because the usenet admins > worldwide pressured them

Re: blackhole firewall rules

2001-01-04 Thread Halcyon
Thanks for the help, everyone. I really appreciate it. -Halcyon - Original Message - From: "Burke, Thomas G." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 04, 2001 11:59 AM Subject: RE: blackhole firewall rules > There

RE: blackhole firewall rules

2001-01-04 Thread Bob Glover
Guys, to keep the breakage to a minimum, just block scans from @homes corporate network. Use the whois command to find out the ip range. I think it is 24.0.0.0/16 IIRC. Do it this way: ipchains -A input -p tcp -s 24.0.0.0/16 -d 0/0 ! 1024:65535 -j DENY ipchains -A input -p udp -s 24.0.0.0/16 -

RE: blackhole firewall rules

2001-01-04 Thread Thornton Prime
I forgot to mention, in general it is better to REJECT than DENY. REJECT responds to the source by telling them that the port is unreachable, whereas deny simply drops the packets entirely. If you are going to block access by protocol and port, then you should use REJECT, and it will appear that

RE: blackhole firewall rules

2001-01-04 Thread Burke, Thomas G.
There ya have it - the solution. > -Original Message- > From: Thornton Prime [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 04, 2001 2:57 PM > To: '[EMAIL PROTECTED]' > Subject: RE: blackhole firewall rules > > On Thu, 4 Jan 2001, Burke, Thomas

RE: blackhole firewall rules

2001-01-04 Thread Thornton Prime
On Thu, 4 Jan 2001, Burke, Thomas G. wrote: > I know you can block specific hosts, but I'm not sure you can block specific > ports on those hosts... You wouldn't want to block their server completely, > as all traffic probably passes through it. > > To do that, tho, you can do this: > $IPCHAINS

RE: blackhole firewall rules

2001-01-04 Thread Burke, Thomas G.
ET -j DENY I don't know about blocking a specific port, though... > -Original Message- > From: Halcyon [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 04, 2001 2:24 PM > To: [EMAIL PROTECTED] > Subject: Re: blackhole firewall rules > > - Original Me

RE: blackhole firewall rules

2001-01-04 Thread Burke, Thomas G.
Thanks:) > -Original Message- > From: Mikkel L. Ellertson [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 04, 2001 2:12 PM > To: '[EMAIL PROTECTED]' > Subject: RE: blackhole firewall rules > > On Thu, 4 Jan 2001, Burke, Thomas G. wrote: >

Re: blackhole firewall rules

2001-01-04 Thread Halcyon
- Original Message - From: "Burke, Thomas G." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 04, 2001 10:51 AM Subject: RE: blackhole firewall rules > Why not just reject packets on the port where they scan? I imagine they > usually scan

RE: blackhole firewall rules

2001-01-04 Thread Steven Pierce
datagrams) > >> -Original Message- >> From:Steven Pierce [SMTP:[EMAIL PROTECTED]] >> Sent:Thursday, January 04, 2001 1:54 PM >> To: [EMAIL PROTECTED] >> Subject: RE: blackhole firewall rules >> >> >> Thomas, >>

RE: blackhole firewall rules

2001-01-04 Thread Mikkel L. Ellertson
On Thu, 4 Jan 2001, Burke, Thomas G. wrote: > Why not just reject packets on the port where they scan? I imagine they > usually scan the same port number. > > ie: > # Back Orifice > $IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY > $IPCHAINS -A input -l -p udp -s $ALLAD

RE: blackhole firewall rules

2001-01-04 Thread Burke, Thomas G.
The 1st one is -p tcp, and the 2nd is -p udp (one to block tcp & one to block udp datagrams) > -Original Message- > From: Steven Pierce [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 04, 2001 1:54 PM > To: [EMAIL PROTECTED] > Subject: RE: black

RE: blackhole firewall rules

2001-01-04 Thread Steven Pierce
00 -j >DENY >$IPCHAINS -A input -l -p udp -i $EXTERNAL_IF --destination-port 0-500 -j >DENY > >I have no way to test this at the moment, but these are my inclinations... >Anyone else have any inputs? > > > >> -Original Message- >> From: Halcy

RE: blackhole firewall rules

2001-01-04 Thread Burke, Thomas G.
sage- > From: Halcyon [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, January 04, 2001 12:45 PM > To: [EMAIL PROTECTED] > Subject: blackhole firewall rules > > Hello, I'd like to be able to create a firewall rule that would drop all > packets coming to my Linux box from

blackhole firewall rules

2001-01-04 Thread Halcyon
Hello, I'd like to be able to create a firewall rule that would drop all packets coming to my Linux box from the home.net network if they are trying to open a port below say, 500. My reason for this being that for the past year, I've run my own IMAP mail server on my DSL and I've loved it. There