Wingate sits on a full fledged OS and you should be watching it. For
Windows, I just love BlackIce from Network Ice. I see about 2 to 4 hits per
day of people using kiddie scripts to scan large portions of the Internet on
machines that are permantly attached.
But STN is a very stripped down Linux kernal and has no such facilities
builtin and because it's stripped down, not much can be added in without
very good working knowledge of Linux. Unless you think your channel is
being flooded with DoS attacks, I wouldn't worry and there isn't anything(to
my knowledge) that can be added to STN. If you really want to do
monitoring, you would need to install a full Linux install and roll your own
NAT and add in the monitoring you are asking for. But now your hardware
requirements just went up also.
Lyle
-----Original Message-----
From: Bob Selby [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 05, 2000 5:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [ShareTheNet] Security
On Sat, 05 Feb 2000 09:05:32 -0800, you wrote:
>the only server that I know about that you can access inside the STN is the
>admin web page.
Understood
>1) that's password protected.
>2) you can restrict to only intranet access.
Yep
>Other than that there are very few services availble that a hacker can
>attach to inside the STN box. Other than denial of service attempts that
>involve you having to reboot the STN server, I don't know of other openings
>in the software unless you have ports mapped to internal computers and that
>is a manual step. (if there are any please let me know, but it's a
stripped
>down LINUX kernal that has not services except the admin page and what is
>necessary for STN to perform it's services.)
My admin server is only accessible from the local network (I dont need
remote admin so enabling it
seemed an unneccessary risk) and I have nothing enabled except the defaults
as regards ports and
services enabled.
>You can turn on debug logs if you suspect problems also, but that is done
in
>the building stage of STN before you create the floppy.
My concern was more one of - If someone is trying to (for example) telnet
into a blocked service
or scaning ports to look for a weakness - is there a log trail that might
warn me ??? and what info
is logged that might help me slap the wrist of the wouldbe hacker ???
The reason that I am interested is that a friend has had problems (in his
case with Wingate (I
think)) on his cable modem setup and we had to run a network monitoring tool
on the cable modem
side to see wat was going on.
>How can I tell if someone is trying to hack through STN ??
>
>I assume that attempts to access resources are logged somehow - whats the
>best way to access this
>info ??
>
>Rgds,
>Bob
>
>--
>Visit http://www.ShareTheNet.com for info about ShareTheNet
>Visit http://www.topica.com/lists/sharethenet for info about this list
>
>_______________________________________________________
>Follow the U.S. presidential race on our Politics list!
>http://www.topica.com/lists/politics
Rgds,
Bob
--
Visit http://www.ShareTheNet.com for info about ShareTheNet
Visit http://www.topica.com/lists/sharethenet for info about this list
_______________________________________________________
Follow the U.S. presidential race on our Politics list!
http://www.topica.com/lists/politics
--
Visit http://www.ShareTheNet.com for info about ShareTheNet
Visit http://www.topica.com/lists/sharethenet for info about this list
_______________________________________________________
Follow the U.S. presidential race on our Politics list!
http://www.topica.com/lists/politics
