| 1 |
On Friday, 23 February 2007 3:15, Michael Sullivan wrote: |
| 2 |
> I have logsentry installed on my system which sends me hourly reports |
| 3 |
> about possible hack attempts on my three boxes. I use ipkungfu for my |
| 4 |
> firewall. I've stuck with the default configuration for ipkungfu, |
| 5 |
> except for listing each of my machines in my LAN in the |
| 6 |
> accepted_hosts.conf file. I also set ipkungfu to drop all offensive |
| 7 |
> packets (not sure if that's the default or not.) Whenever I see someone |
| 8 |
> trying the break in in the logsentry reports, I add their IP to the |
| 9 |
> deny_hosts.conf file and restart ipkungfu so that the changes will take |
| 10 |
> effect. I'm wondering why if these offending IPs in deny_hosts.conf are |
| 11 |
> being stopped at the firewall I'm still seeing them fail to authenticate |
| 12 |
> to my FTP and ssh servers? |
| 13 |
|
| 14 |
If you think you've setup your firewall to block these IPs and yet they are |
| 15 |
still able to access your machines, then it sounds like your firewall is |
| 16 |
misconfigured and isn't blocking the IPs. |
| 17 |
|
| 18 |
> Also, I've always heard that you shouldn't |
| 19 |
> have any ports open on your machine unless you have some server bound to |
| 20 |
> that port because hackers can get in through unbound open ports. Is |
| 21 |
> this true? |
| 22 |
|
| 23 |
I've never heard of this. All ports that you don't want accessible from the |
| 24 |
internet should be completely blocked by your firewall if you have it |
| 25 |
correctly configured. |
| 26 |
|
| 27 |
> If so, how does it work? What do they connect to if |
| 28 |
> nothing's running on the port they're trying? I know the concept of a |
| 29 |
> backdoor in a running program, but if no program is running on said port |
| 30 |
> for them to connect to, how do they get in??? |
| 31 |
|
| 32 |
They connect to nothing, they shouldn't be able to establish a connection. |
| 33 |
|
| 34 |
> -Michael Sullivan- |
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
-- |
| 39 |
Raymond Lewis Rebbeck |
| 40 |
-- |
| 41 |
gentoo-user@g.o mailing list |
Archives