LeRoy Cressy on Tue, 2 Apr 2002 06:20:12 +0200



Re: [PLUG] weak linux firewall?


On a firewall the only open port that I consider acceptable is tcp 22
for remote ssh.  With the remote ssh you should only allow specific
individuals login privileges from specific hosts.  Ideally these should
only be from inside the firewall.

All of the other services that you have open on the firewall should be
closed.  Your firewall should do port forwarding of the specified
services to a specific host.  For example your port 80 should be
forwarded to your apache server on the dmz lan.  A firewall should not
be running print services, ftp, printer, or any other service.  Also a
firewall should be compiled as a router.  

Your question has been answered as to how your `C' drive may have been
seen by others.

Samantha Samuel wrote:
> 
> For reasons that are not important I have win2k on a partition. My
> firewall is a linux box that has only the following ports open.
> 
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 80/tcp     open        http
> 139/tcp    open        netbios-ssn
> 515/tcp    open        printer
> 6000/tcp   open        X11
> 6004/tcp   open        X11:4
> 
> When surfing the internet last night, I saw an ad that claimed my pc was
> insecure and had a snapshot of my hd, that had a pic of my folders and the
> size of my partition. Now this worries me. I know it was a pic of my comp,
> and not some generic pc because of this one folder I had.
> 
> Does anyone have any thoughts on how someone could have gotten past the
> firewall and peeked into my machine?
> 
> Thanks.
> --
> Samantha
> -------
> Real programmers do not comment their code. If it was hard to write, it
> should be hard to understand.
> 
> http://taz.cs.wcupa.edu/~ssamuel
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug

-- 
Rev. LeRoy D. Cressy   mailto:lcressy@telocity.com   /\_/\
                       http://www.netaxs.com/~ldc   ( o.o )
                       Phone:  215-535-4037          > ^ <

Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)

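The rule set LeRoy describes, written out as an added example (not code from the list thread): default-deny, tcp/22 reachable only from the internal LAN, tcp/80 forwarded to an Apache host in the DMZ, and the firewall itself serving nothing else. The interface name and addresses are constructed placeholders, and DRY_RUN=1 prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original post. Values below are constructed placeholders.
WAN_IF="${WAN_IF:-eth0}"                 # interface facing the internet
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # internal network allowed to ssh in
DMZ_WEB="${DMZ_WEB:-10.0.0.80}"          # Apache host in the DMZ
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print rules, 0 = apply them

# Wrapper so the same function can be inspected without root or iptables.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

fw_rules() {
    # Drop everything by default; only what is named below gets through.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -t nat -F
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ssh to the firewall only from the LAN, never on the WAN interface.
    ipt -A INPUT -p tcp --dport 22 -s "$LAN_NET" ! -i "$WAN_IF" -j ACCEPT
    # Port 80 is forwarded to the DMZ web server, not served by the firewall.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$DMZ_WEB:80"
    ipt -A FORWARD -p tcp -d "$DMZ_WEB" --dport 80 -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything else aimed at the firewall (ftp, lpd, netbios, X11) is logged and dropped.
    ipt -A INPUT -j LOG --log-prefix "fw-drop: "
    ipt -A INPUT -j DROP
}

# The firewall must route between its interfaces for the DNAT above to work.
enable_forwarding() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}
```

Restricting which individuals may log in, and from which hosts, is done in sshd_config with AllowUsers rather than in the packet filter; the rules above only decide which network may reach port 22 at all.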