List Archive: gentoo-security
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.3.2">
</HEAD>
<BODY>
On Mon, 2005-10-10 at 15:20 +1000, Ben Anderson wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">It may make sense for small, limited users machines, but what about </FONT>
<FONT COLOR="#000000">servers that are intentionally advertising ssh for its users globally, </FONT>
<FONT COLOR="#000000">so can't use port knocking, can't block all of korea (as some users </FONT>
<FONT COLOR="#000000">definitely connect from there) and so on...</FONT>
</PRE>
</BLOCKQUOTE>
Ben, you're correct ... it would be silly to block China on a commercial server doing business with China. Those machines probably require a secure architecture most of us light-weight users can't support.
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Seems to me blocking large chunks of the net because they're a pain is a </FONT>
<FONT COLOR="#000000">short term solution that's going to cause long term pain for the </FONT>
<FONT COLOR="#000000">internet at large if it's allowed to become standard practice...</FONT>
</PRE>
</BLOCKQUOTE>
Once again, censorship is silly but it works. There is something ironic about censoring a country that censors their Internet.
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Shouldn't this list focus on the general, base level security rather </FONT>
<FONT COLOR="#000000">than specific work-arounds for these type of issues that don't apply to </FONT>
<FONT COLOR="#000000">a lot of boxen?</FONT>
<FONT COLOR="#000000">2c out.</FONT>
<FONT COLOR="#000000">Ben</FONT>
<FONT COLOR="#000000">Dave Strydom wrote:</FONT>
<FONT COLOR="#000000">> I think there is an easier way of doing this...</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Why not use the GEOIP IPTABLES patch and then just use this in your </FONT>
<FONT COLOR="#000000">> firewall:</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> -----------------------------------------------------------------------------------------</FONT>
<FONT COLOR="#000000">> $IPTABLES -A INPUT -p tcp -m geoip --src-cc CN -j DROP</FONT>
<FONT COLOR="#000000">> $IPTABLES -A INPUT -p tcp -m geoip --src-cc KR -j DROP</FONT>
<FONT COLOR="#000000">> $IPTABLES -A INPUT -p tcp -m geoip --src-cc TW -j DROP</FONT>
<FONT COLOR="#000000">> $IPTABLES -A INPUT -p tcp -m geoip --src-cc HK -j DROP</FONT>
<FONT COLOR="#000000">> -----------------------------------------------------------------------------------------</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> This way you have 4 simple rules which do the work of that entire script.</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> On 10/10/05, *Taka John Brunkhorst* <<A HREF="mailto:antiwmac@...">antiwmac@...</A> </FONT>
<FONT COLOR="#000000">> <mailto:<A HREF="mailto:antiwmac@...">antiwmac@...</A>>> wrote:</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> nice but why do we need to block them?</FONT>
<FONT COLOR="#000000">> ssh worms? or just lamers?</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> -- </FONT>
<FONT COLOR="#000000">> <A HREF="mailto:antiwmac@...">antiwmac@...</A> <mailto:<A HREF="mailto:antiwmac@...">antiwmac@...</A>></FONT>
<FONT COLOR="#000000">> Taka John Brunkhorst </FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> </FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>