General rule of thumb... set your rules up to allow what you need. Deny *everything* else. Unless you plan on being a public server, you can pretty much block everything incoming below port 1024.

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us] On Behalf Of Craig White
Sent: Thursday, March 30, 2000 23:53
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: Linux Employment Opp

Having been violated...I am visiting with some thought...ipchains rules

I am currently blocking the following ports on my external network card...
23 (telnet)
53 (dns)
67 (bootp)
68 (bootp)
137 (netbios)
138 (netbios)

I also noticed that you have to be careful what you log when you are connecting to @home's shared bandwidth because if you ignore all the jerks doing endless port scanning, your logs will still multiply like flies in a Chicago neighborhood if you log activity at ports 67, 68 & 2301.

Obviously, if I want to give internet access to mail, ftp & www, I would allow ports 25, 110, 21 & 80 (possibly 443) but I'm wondering if I'm missing some obvious ports that are known to be exploited. Any suggestions?

One other question...if I don't install ssh, is there any benefit to create a rule for ipchains to DENY/REJECT port 22 or is it meaningless if neither inetd nor any other daemon monitors it?

thanks

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252 -
- e-mail address ................ - CraigWhite@AzApple.com -
- world wide web address ........ - http://www.AzApple.com -
- e-mail my pager address ....... - 6023779752@airtouch.net -
- cellular phone ................ - (602) 377-9752 -
- voice/facsimile ............... - (480) 945-8445 -
----:----|----:----|----:----|----:----|----:----|----:----|

_______________________________________________
Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
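A script applying that rule of thumb to the ipchains setup discussed above, added here as an example rather than anything posted in the thread. The interface name, the port lists, the DRY_RUN switch and the helper names are assumptions; by default it only prints the ipchains commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): input-chain rules for the external card
# that allow the offered services and deny everything else below port 1024.
# EXT_IF, SERVICES, QUIET and DRY_RUN are assumed names; DRY_RUN=1 prints only.

EXT_IF="${EXT_IF:-eth0}"                 # assumed external interface name
SERVICES="${SERVICES:-25 110 21 80 443}" # smtp pop3 ftp http https (from the post)
QUIET="${QUIET:-67 68 2301}"             # deny silently: these flood the logs
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "ipchains $*"; else ipchains "$@"; fi
}

build_rules() {
    run -F input                          # start from an empty input chain
    for p in $SERVICES; do                # explicit holes for offered services
        run -A input -i "$EXT_IF" -p tcp -d 0/0 "$p" -j ACCEPT
    done
    for p in $QUIET; do                   # noisy ports: deny without -l (no log)
        run -A input -i "$EXT_IF" -p udp -d 0/0 "$p" -j DENY
        run -A input -i "$EXT_IF" -p tcp -d 0/0 "$p" -j DENY
    done
    # Anything else aimed at a privileged port (0-1023) is denied and logged;
    # port 22 falls inside this range, so it gets no rule of its own here.
    run -A input -i "$EXT_IF" -p tcp -d 0/0 0:1023 -j DENY -l
    run -A input -i "$EXT_IF" -p udp -d 0/0 0:1023 -j DENY -l
    # ipchains keeps no connection state: replies to our own outbound
    # connections arrive on high ports, so the chain policy stays ACCEPT.
    run -P input ACCEPT
}

# Self-check helpers: count the ACCEPT and unlogged DENY rules produced.
count_accepts() { build_rules | grep -c -- '-j ACCEPT$'; }
count_quiet_denies() { build_rules | grep -c -- '-j DENY$'; }

build_rules
```

Run with `DRY_RUN=0` as root on a machine that actually has ipchains to apply the rules instead of printing them.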