Date: Tue, 22 Feb 2000 13:46:46 -0500 From: "James A. Mutter" <jmutter@ds.net> To: Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: security question (firewalls) Message-ID: <38B2D996.30FABF39@ds.net> References: <Pine.BSF.4.21.0002221826080.12055-100000@dogma.freebsd-uk.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jonathon McKitrick wrote: > > Quick question: i read that a guy with a DSL connection running Linux > found he was an unwilling participant in some hacker attacks, or at > least could have been. Apparently someone hacked his box and left a > script there. For frequent/extended ppp connections from my laptop, > should i consider going through the trouble of setting up a firewall? A DSL connection, in my opinion, is more likely to be attacked because it is a permanent connection. It's likely in his case that he was hosting a public W3 site, ftp site or something else that drew attention to his box. You on the other hand, with regular dialup PPP connections are less conspicuous, and therefore less likely to attack. Is it a good idea to setup a firewall? Of course it is. If nothing else it's a learning experience. If you're using the user-land PPP client it already has in/out/dial/keepalive filters just waiting to be configured. If you're using kernel-land PPP then I think you can probably use the IP Filter/IP Nat package or Natd. Personally I recommend IP Filter, I think it's easier to setup, has a more 'natural' syntax, and can do a few things that Natd can't. For more information try the following: * man ppp * read the ppp.conf examples located here: /usr/share/examples/ppp * http://www.freebsd.org/handbook/ppp-and-slip.html * http://www.freebsddiary.org/topics.html (All kinds of info here) * http://coombs.anu.edu.au/~avalon/ * http://www.obfuscation.org/ipf/ * man natd That should certainly be enough to get you going. :) Good luck, Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38B2D996.30FABF39>