LeRoy Cressy on Fri, 7 Feb 2003 17:07:56 -0500



Re: [PLUG] iptables and NAT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Mike Leone wrote:
LeRoy Cressy (leroy@lrcressy.com) had this to say on 02/07/03 at 10:01:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mike,

What you are saying is very true, but for some viruses that never go away and keep hitting your box like the Nimda virus which consistently hits my system from all over the place. Thus I drop those packets before they get to the mail server.


Oh, the string check will work fine for some, such as Nimda. Me, I use a
virus scanner, and also have a check in my postfix that dumps any attachment
that's not a compressed one (zip, sit, etc). This way, the virus scanner has
much less to do. :-)


I also use virus scanners, but if I can block something evil before it gets to the mail server so much the better.



I also drop all unauthorized ssh attempts.


How are you determining "unauthorized" SSH attempts? Do you mean you limit
SSH access to certain source IPs? Kinda limits you somewhat from checking
your home LAN from wherever you happen to be, doesn't it?


What I consider unauthorized attempts are ones that have previously tried different login names and tried to guess passwords on my system. If you notice that someone somewhere in the world is attempting to log in to your system searching for passwords and various login names and their IP address is constant then it would behove you to block ssh from that IP address. This has happened more than once on my system.



It seems that someone in Japan keeps trying to log in and port scan my system. Also all telnet attempts are dropped no matter where they come from.


I'll go along with that last. :-)


Also the original question was concerning port forwarding and masquerading. I went a little overboard in my response to Scott's question.


It's Linux; that's what we do - stray off-topic and go overboard. :-)

So true

Hope you have a great day :-)

LeRoy
- -- Rev. LeRoy D. Cressy mailto:leroy@lrcressy.com /\_/\
http://lrcressy.com ( o.o )
Phone: 215-535-4037 > ^ <


gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQE+RC1CP+/m2oUBr+oRAiw3AJ0QOOLU/ifFBA/at6JnzeOWVc8kqwCfUcKs
A7JNF7Et48RO/vS5qWMc3pQ=
=PJCo
-----END PGP SIGNATURE-----

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
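
The message above describes blocking ssh from a source address that keeps trying different login names. The following is an added example, not part of the original message or the poster's own setup: it finds such sources in sshd log lines and renders iptables DROP rules for review. The log format (current OpenSSH syslog wording), the function names, the threshold and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Feb  7 03:11:01 host sshd[411]: Failed password for invalid user admin from 203.0.113.9 port 4101 ssh2
Feb  7 03:11:04 host sshd[412]: Failed password for invalid user oracle from 203.0.113.9 port 4102 ssh2
Feb  7 03:11:09 host sshd[413]: Failed password for root from 203.0.113.9 port 4103 ssh2
Feb  7 03:11:15 host sshd[414]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.9 port 4104 ssh2
Feb  7 08:30:00 host sshd[500]: Failed password for leroy from 198.51.100.7 port 5100 ssh2
Feb  7 08:30:20 host sshd[501]: Accepted password for leroy from 198.51.100.7 port 5101 ssh2
"""

# The user name is attacker-controlled, so match it greedily and anchor the
# address at the end of the line; a name containing " from <ip>" cannot
# then redirect the block onto someone else's address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2$")

def guessing_sources(log_text, min_users=3):
    """Return IPv4 sources that failed logins under at least min_users
    different names and never logged in successfully (hypothetical helper)."""
    users = defaultdict(set)
    trusted = set()
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            users[m.group(2)].add(m.group(1))
        elif (m := ACCEPTED.search(line)):
            trusted.add(m.group(1))
    flagged = []
    for src, names in users.items():
        try:
            ip = ipaddress.IPv4Address(src)  # reject anything that is not an address
        except ValueError:
            continue
        if src not in trusted and len(names) >= min_users:
            flagged.append(str(ip))
    return sorted(flagged)

def drop_rules(ips):
    """Render iptables rules as text for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(guessing_sources(SAMPLE_LOG))))
```

The address that succeeded after one mistyped password is left alone, and the address embedded in a crafted user name is never treated as a source.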