Having been violated...I am visiting with some thought...ipchains rules
I am currently blocking the following ports on my external network card...
23 (telnet)
53 (dns)
67 (bootp)
68 (bootp)
137 (netbios)
138 (netbios)
I also noticed that you have to be careful what you log when you are
connecting to @home's shared bandwidth because if you ignore all the jerks
doing endless port scanning, your logs will still multiply like flies in a
Chicago neighborhood if you log activity at ports 67, 68 & 2301.
Obviously, if I want to give internet access to mail, ftp & www, I would
allow ports 25, 110, 21 & 80 (possibly 443) but I'm wondering if I'm missing
some obvious ports that are known to be exploited. Any suggestions?
One other question...if I don't install ssh, is there any benefit to create
a rule for ipchains to DENY/REJECT port 22 or is it meaningless if neither
inetd nor any other daemon monitors it?
Thanks
Craig
----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|
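
The policy described in the post above, written out as an added example that is not part of the original message: a small generator that prints one ipchains DENY rule per blocked port on the external interface and leaves the `-l` log flag off for the ports the post names as log-flooding. The interface name `eth1`, the protocol assigned to each port, and the helper names `is_noisy` and `gen_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# It prints ipchains commands for review; it does not execute them.

EXT_IF="eth1"   # assumed name of the external network card

# Ports listed in the post, as port/protocol pairs.
# The protocol per port is an assumption; the post gives only numbers.
BLOCKED="23/tcp 53/tcp 53/udp 67/udp 68/udp 137/tcp 137/udp 138/udp"

# Ports the post says will flood the log if logged.
# 2301 is not in the block list; it is kept here so that a rule
# added for it later is also left unlogged.
NOISY="67 68 2301"

# Return 0 if the given port is in the NOISY list.
is_noisy() {
    for n in $NOISY; do
        [ "$n" = "$1" ] && return 0
    done
    return 1
}

# Print one DENY rule per blocked port; add -l (log) unless noisy.
gen_rules() {
    for entry in $BLOCKED; do
        port=${entry%/*}
        proto=${entry#*/}
        if is_noisy "$port"; then
            log=""
        else
            log=" -l"
        fi
        echo "ipchains -A input -i $EXT_IF -p $proto -d 0.0.0.0/0 $port -j DENY$log"
    done
}

gen_rules
```

Pipe the output to `sh` as root only after reading it; rule order matters in ipchains, so these lines belong before any broader ACCEPT rule on the same chain.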