Mike Leone on Fri, 7 Feb 2003 15:58:50 -0500



Re: [PLUG] iptables and NAT


LeRoy Cressy (leroy@lrcressy.com) had this to say on 02/07/03 at 10:01: 
> Hi Mike,
> 
> What you are saying is very true, but for some viruses that never go 
> away and keep hitting your box like the Nimda virus which consistently 
> hits my system from all over the place.  Thus I drop those packets 
> before they get to the mail server.

Oh, the string check will work fine for some, such as Nimda. Me, I use a
virus scanner, and also have a check in my postfix that dumps any attachment
that's not a compressed one (zip, sit, etc). This way, the virus scanner has
much less to do. :-)

> I also drop all unauthorized ssh attempts. 

How are you determining "unauthorized" SSH attempts? Do you mean you limit
SSH access to certain source IPs? Kinda limits you somewhat from checking
your home LAN from wherever you happen to be, doesn't it?

> It seems that someone in 
> Japan keeps trying to login and port scan my system.  Also all telnet 
> attempts are dropped no matter where they come from.

I'll go along with that last. :-)

> Also the original question was concerning port forwarding and 
> masquerading.  I went a little overboard in my response to Scott's 
> question.

It's Linux; that's what we do - stray off-topic and go overboard. :-)
