LeRoy Cressy on Thu, 30 Jan 2003 16:41:04 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] firewall risk 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Michael Leone wrote: 
LeRoy Cressy said:

<snip>

for instance:
ftp, http, mail, https, ssh, and etc are the ones that you could have



<snip>

Jan 26 08:07:34 friendly kernel: Dropped Internet IN=eth0 OUT=
	MAC=00:40:05:3a:33:a5:00:02:3b:00:3d:c3:08:00 SRC=80.55.130.78
	DST=66.92.109.218 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=55479
	DF PROTO=TCP SPT=1355 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0



This is an incoming https connection (port 443), right. Why was it
blocked, if you allow https into your web server?


Because I don't have https set up on my apachie server



I think that the port 1434 was the MS SQL worm this weekend. These are 


Correct.



- -- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQE+OZldP+/m2oUBr+oRAiwqAJ9ecaFySOmgZq5fPnnolNNnQGYAMQCfcgGS
RXgIlv58yzYgCZX8YBnLJPs=
=K1XY
-----END PGP SIGNATURE-----

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug