Gentoo Archives: gentoo-security

From: Kim Ingemann <mail@×××××××××××.dk>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 08:54:51
Message-Id: 1073638367.1722.23.camel@mercurius.pingvinland.dk
In Reply to: Re: [gentoo-security] firewall suggestions? by Mark Hurst
1 On Fri, 2004-01-09 at 09:33, Mark Hurst wrote:
2 > This topic is dead as far as i'm concerned, you keep default rejecting,
3 > i'll keep default dropping, and we'll see if i manage to break the
4 > Internet by doing so.
5
6 Hi.
7
8 I just had to comment on this one. I'm sort of doing both rejecting and
9 dropping on my main gateway.
10
11 My configuration is like this:
12 * Reject unnessecary packages.
13 * Drop scanners.
14
15 I'm using portsentry and I can really recommend it. It can act as a trap
16 for scanners because it binds itself to certain manually defined ports
17 (that scanners usually scans). My setup says that if someone touches a
18 couple of those ports in a short period of time it drops the connection
19 to that IP directly and notifies me about it through my cellphone.
20
21 This means that the attacker is already dropped before he/she have a
22 chance to use some exploits of the services I'm running. Of course - If
23 they're used before the scan takes place, then we have a little problem.
24 But I guess it takes care of the most of them anyway.
25
26 --
27 Med venlig hilsen / Best regards,
28
29 Kim Ingemann
30 http://pingvinland.dk/
31
32
33 --
34 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Sandino Araico Sanchez <sandino@×××××××.net>