Date: Tue, 21 Sep 1999 20:17:12 -0400 From: Christopher Michaels <ChrisMic@clientlogic.com> To: Joe Bo <ibjoe@home.com> Cc: freebsd-questions@FreeBSD.ORG Subject: RE: is this an attack? Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
next in thread | raw e-mail | index | archive | help
Also, since you have tcp_wrappers installed take a look at 'man 5 hosts_access' and 'man 5 hosts_options'. Both are well documented, and unlike the ipfw solution (which is a good one), tcp_wrappers does log attempted connections. -Chris > -----Original Message----- > From: Eric J. Schwertfeger [SMTP:ejs@bfd.com] > Sent: Tuesday, September 21, 1999 8:01 PM > To: Joe Bo > Cc: Ben Smithurst; freebsd-questions@FreeBSD.ORG > Subject: Re: is this an attack? > > On Tue, 21 Sep 1999, Joe Bo wrote: > > > Thanks. I have those services open for use on my internal net. > > I haven't figured out yet how to disable them on my external > > network card and at the same time leave them enabled on my > > internal network card. I never telnet/ftp/etc over the public > > network to my machine, I do have and use ssh for that. > > The easiest way is to enable ipfw filtering on your machine. These are > the kinds of rules I use in a similar machine.... > > /sbin/ipfw add 100 allow tcp from any to any 25,53,79,80 recv de0 > /sbin/ipfw add 110 allow udp from any to any 53 recv de0 > /sbin/ipfw add 120 deny tcp from any to any 1-1023 recv de0 > /sbin/ipfw add 130 deny udp from any to any 1-1023 recv de0 > > The idea is to allow incoming traffic to services available to the > outside, then deny all other privledged ports, just in case. (My standard > security stance is to block all but that which is permitted in the > privledged port ranges, and allow all that isn't forbidden outside that > range). > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6C37EE640B78D2118D2F00A0C90FCB4401105C85>