Gentoo Archives: gentoo-security

From: Kim Ingemann <mail@×××××××××××.dk>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Fri, 09 Jan 2004 08:54:51
In Reply to: Re: [gentoo-security] firewall suggestions? by Mark Hurst
On Fri, 2004-01-09 at 09:33, Mark Hurst wrote:
> This topic is dead as far as i'm concerned, you keep default rejecting, > i'll keep default dropping, and we'll see if i manage to break the > Internet by doing so.
Hi. I just had to comment on this one. I'm sort of doing both rejecting and dropping on my main gateway. My configuration is like this: * Reject unnessecary packages. * Drop scanners. I'm using portsentry and I can really recommend it. It can act as a trap for scanners because it binds itself to certain manually defined ports (that scanners usually scans). My setup says that if someone touches a couple of those ports in a short period of time it drops the connection to that IP directly and notifies me about it through my cellphone. This means that the attacker is already dropped before he/she have a chance to use some exploits of the services I'm running. Of course - If they're used before the scan takes place, then we have a little problem. But I guess it takes care of the most of them anyway. -- Med venlig hilsen / Best regards, Kim Ingemann -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] firewall suggestions? Sandino Araico Sanchez <sandino@×××××××.net>