need a volunteer
Kerry Hoath
kerry at gotss.eu.org
Sat Oct 28 02:43:57 EDT 2000
Be aware that when a port is open it has to respond correctly in the
3-way handshake so that machines can connect to it. Regarding pop: if you must
have pop3 service, use apop or md5 style authentication.
I'd think it better to block incoming pop on the cable interface
and use imap with cram-md5 authentication but that isn't trivial to configure.
Regards, Kerry.
On Sat, Oct 28, 2000 at 02:23:35AM -0400, Frank J. Carmickle wrote:
> Ok Brian.
> How secure do you want this machine that lives on the wonderfully unsecure
> network of athome? I would imagine that you want something that's a
> little tighter than what you have right now. When I portscan you I see 21
> 23 24 80 110 and 113. Looks everything else is closed up. My
> recommendation to you is to get ssh on your box and forget about telnet
> and ftp for starters. Why you have pop3 waiting for connections is
> something else I would think you would want shut down. If you really need
> http keep it. However if you have another machine that you can
> specifically set up as a firewall you will be a lot happier to know that
> all of the traffic to your http server can be logged. Same goes for
> everything else.
>
> One thing that you really also want to have happening is some ipchains
> rules setup so that your machine doesn't respond to portscans or ping
> requests. This should fool most people looking around to find someone
> vulnerable. I'll post an ipchain rule set that has a lot of this done for
> you already. Then Kerry can go over it with a fine tooth comb and tell me
> what's wrong with it.
>
> HTH
> FC
>
>
> On Fri, 27 Oct 2000, brian Moore wrote:
>
> > Greetings all. okay finally got my linux box up and all my services
> > running the way I want. my mail server is finally doing what I want. I
> > think I have all my ipchains rules setup right and plugged all the security
> > holes I know of. the one I'm not clear on is my port 25 security. if this
> > machine ever becomes a spam host, I will have to shoot myself so I want to
> > make real sure that no one except those in my local network can use it.
> > probably asking for trouble but got all my logging on verbose to see what
> > happens. can someone try and use my smtp server and see if you can. if
> > you notice anything else, let me know as well.
> >
> > would really appreciate it.
> >
> > host is bmoore.yi.org
> > thanks. brian.
> >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup at braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
>
>
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451
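
[Added example, not part of the original message or of any mail server's own code.] The APOP and CRAM-MD5 exchanges recommended above, sketched in Python to show that only a digest of a per-connection server challenge crosses the wire, never the password. Function names are illustrative; the sample challenges and secrets are the published examples from RFC 1939 and RFC 2195.

```python
import base64
import hashlib
import hmac

def apop_digest(banner_timestamp: str, secret: str) -> str:
    """Client side of APOP: hex MD5 of the greeting timestamp + shared secret."""
    return hashlib.md5((banner_timestamp + secret).encode("ascii")).hexdigest()

def verify_apop(banner_timestamp: str, secret: str, digest: str) -> bool:
    """Server side: recompute from its own timestamp, compare in constant time."""
    expected = apop_digest(banner_timestamp, secret).encode("ascii")
    return hmac.compare_digest(expected, digest.lower().encode("ascii", "replace"))

def cram_md5_response(challenge_b64: str, user: str, secret: str) -> str:
    """Client side of CRAM-MD5: base64("user " + hex HMAC-MD5(secret, challenge))."""
    challenge = base64.b64decode(challenge_b64)
    mac = hmac.new(secret.encode("ascii"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode("ascii")).decode("ascii")

def verify_cram_md5(challenge_b64: str, secrets: dict, response_b64: str) -> bool:
    """Server side: look up the user's secret and check the HMAC over its challenge."""
    try:
        decoded = base64.b64decode(response_b64).decode("ascii")
        user, mac = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False  # malformed response
    secret = secrets.get(user)
    if secret is None:
        return False  # unknown user
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode("ascii"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode("ascii"), mac.encode("ascii"))

# Sample values taken from the RFC 1939 and RFC 2195 examples.
APOP_BANNER = "<1896.697170952@dbc.mtview.ca.us>"
CRAM_CHALLENGE = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode("ascii")
CRAM_SECRETS = {"tim": "tanstaaftanstaaf"}

if __name__ == "__main__":
    d = apop_digest(APOP_BANNER, "tanstaaf")
    print("APOP mrose", d, verify_apop(APOP_BANNER, "tanstaaf", d))
    r = cram_md5_response(CRAM_CHALLENGE, "tim", "tanstaaftanstaaf")
    print("CRAM-MD5", r, verify_cram_md5(CRAM_CHALLENGE, CRAM_SECRETS, r))
    # A captured response is useless against a fresh challenge (constructed here).
    fresh = base64.b64encode(b"<1897.697170953@example.invalid>").decode("ascii")
    print("replayed:", verify_cram_md5(fresh, CRAM_SECRETS, r))
```

Both schemes depend on the server issuing a new challenge for every connection, and both require the server to hold the shared secret in a form it can feed back into the digest.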