On Wed, 2004-10-27 at 13:00 -0400, James Kosin wrote:
> I took a simpler approach.
>

Well yes, that is *simpler* but it is in no way better. It's also very basic... in fact, that's the basic procedure for *any* firewall (close everything then open up what you need), and that's how my firewall is set up too. No news here. The Portsentry setup is to block those people who are going to attack services I *do* run, since they will normally try to attack others as well. So the guy who is going to test SSH for exploits, and try all sorts of stuff on my Apache server, and see if he can get to Sendmail... is also likely to trigger a hostile port and get deep-sixed for 48 hours.

No iptables ruleset on Earth can protect you from attacks to an open port on which you have a service listening. That job is up to the process listening on the port. But you can attempt to find a way to block those people before or during their probes... my Portsentry mechanism is one such attempt, and has been highly successful for me as an additional layer of defense over the last two years or so.

> 1. Setup iptables with the following
> iptables -A INPUT -i lo -j ACCEPT # this allows local loop
> interface to always work.
> Most clients, #1 above is enough to block all attacks.
>

No way. #1 above has nothing to do with any external attacks. And indeed closing all ports by default is just a precaution, since there should be nothing listening on those ports *anyway* and thus there should be nothing to crack except the services you do run. So in the end, your primary risk comes from the services you offer being cracked or rooted. Again, no iptables ruleset on Earth can protect you from that.

Cheers,

-- 
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
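The "close everything, then open what you need" baseline the thread agrees on, written out as an added example script. This is not the ruleset of either poster; the port list (22 and 80), the LOG rule, the conntrack match and the `IPT` dry-run variable are assumptions chosen for illustration. Setting `IPT=echo` prints the rules instead of applying them, which lets you review the policy on a machine without iptables or root.

```shell
#!/bin/sh
# Added example of a default-deny INPUT policy (not the ruleset from the thread).
# IPT is the iptables binary; set IPT=echo to print the rules instead of
# loading them (dry run). Both are assumptions of this example.
IPT="${IPT:-iptables}"

# TCP services this host deliberately offers (assumed example set).
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-22 80}"

default_deny_ruleset() {
    # Start from an empty INPUT chain and drop whatever is not explicitly allowed.
    "$IPT" -F INPUT
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP

    # Loopback must always work; this is the rule quoted in the thread.
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Replies belonging to connections this host itself initiated.
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Open only the services actually running. These are the ports a packet
    # filter cannot protect; the listening daemon carries that risk.
    for p in $OPEN_TCP_PORTS; do
        "$IPT" -A INPUT -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Log a rate-limited sample of everything that falls through to DROP,
    # so probes against closed ports remain visible in syslog.
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
}

# Dry-run helper for review: count the INPUT rules the policy would add.
count_input_rules() {
    ( IPT=echo; default_deny_ruleset ) | grep -c -- '-A INPUT'
}

# Dry-run helper: print the policy so it can be inspected before loading.
show_ruleset() {
    ( IPT=echo; default_deny_ruleset )
}
```

Run `IPT=echo sh firewall.sh` style dry runs (or call `show_ruleset`) before loading anything for real; with the default port list the policy adds five INPUT rules (loopback, established traffic, two service ports and the log rule) under a DROP policy, and every other inbound packet is discarded without a listener ever seeing it.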