Message-Id: <199808102217.PAA00958@stennis.ca.sandia.gov>
From: bmah@CA.Sandia.GOV (Bruce A. Mah)
To: junkmale@xtra.co.nz
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: cable modem hookup
In-Reply-To: Your message of "Tue, 11 Aug 1998 09:17:41 +1200." <199808102117.JAA10843@cyclops.xtra.co.nz>
Date: Mon, 10 Aug 1998 15:17:22 -0700

If memory serves me right, "Dan Langille" wrote:

> > PS.  Security tip:  When you bring your machine up on the cable modem
> > network, make it "as secure as possible", especially if you want to leave
> > it up 24/7.  You can start by turning off all the services you don't use.
> > I have tracks of a lot of Bad Guys (TM) doing portscans and other random
> > nasty things to my @Home-connected machine.
>
> Details please!  What I've done is install the firewall options and used
> the simple method.  How did you get that tracking?

Hi Dan--

I'm not doing anything real sophisticated, sorry if I gave the wrong
impression.

Not to give away *too* many details...I keep an "open" firewall
configuration and have tcpwrappers (installed from the port) log and
reject interesting connection attempts to services such as telnet, tftp,
and so on.  Note that sshd does its own logging.  Also, I frequently have
tcpdump running in case something shows up that I didn't think to log,
as well as:

    sysctl -w net.inet.tcp.log_in_vain=1
    sysctl -w net.inet.udp.log_in_vain=1

I tend to like the "paranoia" approach to probes where I can see
activity, rather than the "stick my head in the sand" approach, where I
can be protected, but otherwise oblivious.  Where you fall in this
spectrum is your personal choice, and I don't advocate one way over the
other.

A quick perusal of the ipfw manpage implies that you can get the same
kind of logging as I'm doing via tcpwrappers.

There's (IMHO) a very nice writeup by Jan B. Koum at:

    http://www.best.com/~jkb/howto.txt

If this discussion continues, it probably ought to go over to
-security...

Bruce.

PS.  Let me also give a big plug for the bugtraq and freebsd-security
mailing lists for info on vulnerabilities as they come up.

PPS.  There are probably
safer/easier/cleaner/better-tasting/less-fattening ways to deal with
this problem, but this general approach has worked for me for about the
last five years or so, across multiple platforms.
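
Added example (not part of the original message and not the poster's own tooling): one way to review what the two log_in_vain sysctls above write to syslog, grouping attempts on closed ports by source address so a sweep across many ports stands out. The message format matched by the regex, the sample lines, the function names and the four-port threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed format of the kernel message logged when log_in_vain=1;
# anything after the source port (e.g. TCP flags) is ignored.
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ATTEMPT = re.compile(rf"Connection attempt to (TCP|UDP) {IP}:(\d+) from {IP}:(\d+)")

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
Aug 10 15:02:11 myhost /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:1040
Aug 10 15:02:11 myhost /kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:1041
Aug 10 15:02:12 myhost /kernel: Connection attempt to TCP 192.0.2.10:25 from 198.51.100.7:1042
Aug 10 15:02:12 myhost /kernel: Connection attempt to TCP 192.0.2.10:79 from 198.51.100.7:1043
Aug 10 15:02:13 myhost /kernel: Connection attempt to TCP 192.0.2.10:111 from 198.51.100.7:1044
Aug 10 15:09:40 myhost sshd[211]: log: Connection from 203.0.113.5 port 1022
Aug 10 15:10:02 myhost /kernel: Connection attempt to UDP 192.0.2.10:69 from 203.0.113.5:2001
Aug 10 15:10:03 myhost /kernel: Connection attempt to UDP 192.0.2.10:69 from 203.0.113.5:2002
Aug 10 15:11:30 myhost /kernel: Connection attempt to TCP 192.0.2.10:23 from 203.0.113.5:2010
"""

def parse_attempts(text):
    """Yield (proto, dst_port, src_ip) for each in-vain connection line."""
    for line in text.splitlines():
        m = ATTEMPT.search(line)
        if m:
            yield m.group(1), int(m.group(3)), m.group(4)

def summarize(text):
    """Map each source address to the set of (proto, port) pairs it probed."""
    probed = defaultdict(set)
    for proto, dst_port, src_ip in parse_attempts(text):
        probed[src_ip].add((proto, dst_port))
    return probed

def likely_scanners(text, min_ports=4):
    """Sources that touched at least min_ports distinct closed ports."""
    return sorted(src for src, ports in summarize(text).items()
                  if len(ports) >= min_ports)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src in likely_scanners(SAMPLE_LOG):
        print(src, sorted(report[src]))
```
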