On Friday, 23 February 2007 3:15, Michael Sullivan wrote:
> I have logsentry installed on my system which sends me hourly reports
> about possible hack attempts on my three boxes. I use ipkungfu for my
> firewall. I've stuck with the default configuration for ipkungfu,
> except for listing each of my machines in my LAN in the
> accepted_hosts.conf file. I also set ipkungfu to drop all offensive
> packets (not sure if that's the default or not.) Whenever I see someone
> trying to break in in the logsentry reports, I add their IP to the
> deny_hosts.conf file and restart ipkungfu so that the changes will take
> effect. I'm wondering why if these offending IPs in deny_hosts.conf are
> being stopped at the firewall I'm still seeing them fail to authenticate
> to my FTP and ssh servers?
|
If you think you've set up your firewall to block these IPs and yet they are
still able to access your machines, then it sounds like your firewall is
misconfigured and isn't blocking the IPs.
|
> Also, I've always heard that you shouldn't
> have any ports open on your machine unless you have some server bound to
> that port because hackers can get in through unbound open ports. Is
> this true?
|
I've never heard of this. All ports that you don't want accessible from the
internet should be completely blocked by your firewall if you have it
correctly configured.
|
> If so, how does it work? What do they connect to if
> nothing's running on the port they're trying? I know the concept of a
> backdoor in a running program, but if no program is running on said port
> for them to connect to, how do they get in???
|
They connect to nothing; they shouldn't be able to establish a connection.
|
> -Michael Sullivan-

--
Raymond Lewis Rebbeck
--
gentoo-user@g.o mailing list
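
An added example, not part of the original thread: one way to confirm whether deny rules are actually taking effect is to cross-check the deny list against failed sshd logins logged after the firewall restart. The deny_hosts.conf entry format shown (one IPv4 address or network per line, optional `:port:protocol` suffix) and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation address ranges, not real hosts).
DENY_HOSTS = """\
# assumed format: one IPv4 entry per line, optional :port:protocol suffix
192.0.2.10
198.51.100.0/24:22:tcp
"""

AUTH_LOG = """\
Feb 23 03:01:12 box1 sshd[4121]: Failed password for root from 192.0.2.10 port 40112 ssh2
Feb 23 03:01:15 box1 sshd[4125]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Feb 23 03:02:40 box1 sshd[4130]: Failed password for alice from 203.0.113.5 port 33900 ssh2
Feb 23 03:03:02 box1 sshd[4133]: Accepted password for alice from 10.0.0.2 port 50022 ssh2
Feb 23 03:04:19 box1 sshd[4140]: Failed password for root from 192.0.2.10 port 40377 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+) port")

def parse_deny_hosts(text):
    """Return the denied networks, ignoring comments and any :port:protocol suffix."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry.split(":", 1)[0], strict=False))
    return nets

def denied_but_seen(deny_text, log_text):
    """Count failed sshd logins whose source address falls in a denied network."""
    nets = parse_deny_hosts(deny_text)
    hits = Counter()
    for match in FAILED.finditer(log_text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # sshd logged a hostname instead of an address
        if any(addr in net for net in nets):
            hits[str(addr)] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in sorted(denied_but_seen(DENY_HOSTS, AUTH_LOG).items()):
        print(f"{ip}: {count} failed logins despite deny rule")
```

Feed it only log lines written after the firewall was restarted; any address it reports reached sshd even though a deny entry covers it, which points at the rule not being loaded or not matching.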