hookup to cable modem was easy

[Digital Wokan]

/etc/hosts.deny is used by inetd, xinetd, and possibly a few other services to 
determine whether or not someone can connect to a server on your system, not 
whether or not you can connect out on things such as AIM.  You need to be 
looking into iptables for blocking ports you don't want traffic coming in 
and/or going out on.

So if you've set up /etc/hosts.deny to allow access to ftp (or more likely set 
that up in /etc/hosts.allow), you've now allowed outsiders to connect to an 
ftp server on your system if you have one running.

If you've got a standalone system connected to your cable modem, you're safest 
bet for blocking the servers is to have
/etc/hosts.allow:
all : 127.0.0.1

/etc/hosts.deny:
all : all

Note that if you installed Apache and it's running, it doesn't use the 
hosts.allow/deny.  It serves anyone by default.  (I'm not sure if there's a 
way to change that in httpd.conf.)

I think webmin uses them, so if you have an SSL enabled version (Mandrake 
includes SSL version, Red Hat didn't in 7.2, no idea for 7.3 or other 
distros), you can add
10000: all
to /etc/hosts.allow and gain remote admin to your system.  For SSH access from 
anywhere add:
23: all

On Saturday 17 August 2002 11:49, Craig S. wrote:
> All I can say is wow! I have never used DHCP before or tried to setup a
> *nix system with a DHCP connection. It was much easier than I expected, no
> wonder there are hardly any how-to's for specific connections. I dropped a
> netgear FA-310TX 10/100MB card into one of my PCI slots. Setup tulip
> drivers for kernel and setup the new image. Hooked up the cable modem, ran
> ifconfig and answered 3 questions:
>
> 1) dynamic for the IP address
> 2) host_name = whatever you want (I think this was the question)
> 3) domain_name = cox.net
>
> rebooted the system and bam.... I was online. I am a little concerned about
> security cause I guess I have a static IP now or at least the cable modem
> has a static IP. I set hosts.deny to not allow any outside connections (to
> ports?), outside of AIM, nntp, e-mail, www, and ftp I don't do much else.
> and with AIM I have a set list of people that I correspond with and that is
> it. Should I setup iptables for a little more insurance? I don't have
> anything really confidential or needing security, all my work now is with
> genetic algorithms and neural nets which I backup periodically. My main
> security concern is someone just maliciously or even just a curiosity
> seeker getting user access or rooting the system and screwing it up in the
> process because I am lazy and don't want to reconfigure my system from
> scratch. I have been watching my logs, using netstat, and using other basic
> security measures and haven't seen any malicious activity that I notice but
> as I said before I am no netwo! rk security guru. Hell I am not even a
> network guru.
>
> Also when I want to SU to drop something say in /usr/local/bin or to do
> system maintenance can I kill and restart dhcpd or do I have to reboot when
> I restart dhcpd.
>
> side note - I love my broadband connection, I don't think I could ever do
> dialup again. But Cox's Customer Service dept leaves a lot to be desired, I
> was without a broadband connection for 6 mos due to a installation error, I
> called them twice about it but couldn't get service calls in a time frame
> where I was available to sit and wait. When I finally got a tech out he
> told me the problem wasn't my end but theirs so I went to customer service
> for credit since Cox screwed up the initial install for high speed internet
> (I guess they call it HSD for short.) The first person I spoke with was
> polite and said she would send the issue to their escalation dept since the
> credit was more than she could handle. I guess their escalation dept
> refused the credit saying that the installation problem was my fault
> (probably because I use linux and not winblows) even though their tech
> answered explicitly that the failure of the modem to sync signal was their
> fault at install. Yesterday I spen! t 5 hours talking to ditzy reps who
> would keep telling me they didn't understand what I was talking about with
> power measurements and stuff like that. Cox's Reply was "Our escalation
> dept. researched this issue and deemed the outage to be your fault not
> ours." When I tried to pin down how the research was done no one could
> answer that, I asked if the tech that determined my HSD outage to be due to
> faulty installed had been contacted and Cox's reply was "no." I had them
> read all the notes on my acct from day 1 and they don't even keep good
> notes as to what a problem is. I asked one cust. service rep to put down
> verbatim what I was told with respect to power measurements on the line but
> she refused to reopen the case. So I went down to their office in chandler,
> they were no help at all and just told me I had to deal with customer
> service on the phone. So I called customer service back and spoke with a
> rep who said that we had to have a 2 way conversation... Funny cause I had
> t! hree 1 way conversations already with Cox, she got her supervisor who
> read the notes to me from that day, that is when I found out that the first
> rep I spoke with who said she put down what I said verbatim about power
> levels lied and hadn't entered those notes. Supposedly this supervisor took
> down what I said and sent the case back to escalation (which they will
> probably refuse me credit again.) -- end rant
>
> Just thought that my experience will help others decide yay or nay to do
> business with Cox. From what I hear though Qwest is worse.
>
> Craig S.