On 05-12-09 17:55, Glenn English wrote: >>> All traffic to any service not offered publicly somewhere on my >>> network is dropped without further comment at the border router. You >>> guys seem to be not doing that.
> Hmmm. Both responses I've received so far have said similar things: the > NTP server is sitting on the 'Net. My home server sits behind a NAT-router / ADSL modem, which only forwards ports I want to be visible from the outside. Further, the server with NTP blocks everything I don't use, both outside -> in (drop most ports silently) and inside -> out (ICMP response). With inside -> out I differentiate server -> out and LAN -> out. > Working great so far, except for when I cut myself off from the universe. > I do spend an awful lot of time futzing with it, though, and adding a new > service is a significant production. OTOH I haven't been visited by that > guy from China again... > > And y'all are actually OK without all this? Interesting. Just keep it up, if you feel so. To answer your initial question: nothing wrong with protecting your server. Arnold _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
