Re: [PLUG] iptables and NAT

LeRoy Cressy on Fri, 7 Feb 2003 17:07:56 -0500

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables and NAT

From: LeRoy Cressy <leroy@lrcressy.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] iptables and NAT

Date: Fri, 07 Feb 2003 17:03:34 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mike Leone wrote:
LeRoy Cressy (leroy@lrcressy.com) had this to say on 02/07/03 at 10:01:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hi Mike,

What you are saying is very true, but for some viruses that never go away and keep hitting your box like the Nimda virus which consistantly hits my system from all over the place. Thus I drop those packets before they get to the mail server.

Oh, the string check will work fine for some, such as Nimda. Me, I use a virus scanner, and also have a check in my postfix that dumps any attachment that's not a compressed one (zip, sit, etc). This way, the virus scanner has much less to do. :-)

I also use virus scanners, but if I can block something evil before it gets to the mail server so much the better.

I also drop all unauthorized ssh attempts.

How are you deterining "unauthorized" SSH attempts? Do you mean you limit SSH access to certain source IPs? Kinda limits you somewhat from checking your home LAN from whereever you happen to be, doesn't it?

What I consider unauthorized attempts are ones that have previously tried different login names and tried to guess passwords on my system. If you notice that someone somewhere in the world is attempting to login to your system searching for passwords and various login names and their IP address is constant then it would behove you to block ssh from that IP address. This has happened more than once on my system.

It seems that someone in Japan keeps trying to login and port scan my system. Also all telnet attempts are dropped no matter where they come from.

I'll go along with that last. :-)

Also the original question was concerning port forwarding and masquerading. I went a little over board in my response to Scott's question.

It's Linux; that's what we do - stray off-topic and go overboard. :-)

So true

Hope you have a great day :-)

LeRoy - -- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\ http://lrcressy.com ( o.o ) Phone: 215-535-4037 > ^ <

gpg fingerprint: 62DE 6CAB CEE1 B1B3 359A 81D8 3FEF E6DA 8501 AFEA

Jesus saith unto him, I am the way, the truth, and the life: no man cometh unto the Father, but by me. (John 14:6) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQE+RC1CP+/m2oUBr+oRAiw3AJ0QOOLU/ifFBA/at6JnzeOWVc8kqwCfUcKs A7JNF7Et48RO/vS5qWMc3pQ= =PJCo -----END PGP SIGNATURE-----

_________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug

Follow-Ups:

RE: [PLUG] iptables and NAT
From: "Eugene Smiley" <eugene@esmiley.net>

References:

[PLUG] iptables and NAT
From: "Ziegler, Scott" <scott_ziegler@merck.com>

Re: [PLUG] iptables and NAT
From: LeRoy Cressy <leroy@lrcressy.com>

Re: [PLUG] iptables and NAT
From: "Michael Leone" <turgon@mike-leone.com>

Re: [PLUG] iptables and NAT
From: LeRoy Cressy <leroy@lrcressy.com>

Re: [PLUG] iptables and NAT
From: Mike Leone <turgon@mike-leone.com>

Prev by Date: [PLUG] Re: cd vendors that support debian

Next by Date: Re: [PLUG] Re: cd vendors that support debian

Previous by thread: Re: [PLUG] iptables and NAT

Next by thread: RE: [PLUG] iptables and NAT

Index(es):

Date

Thread