need a volunteer

Brent Harding bharding at ufw2.com
Sat Oct 28 15:21:35 EDT 2000


Regarding security on cable, is it really an issue that if things aren't
set up right that people down the street from you have easier access to
your machine because all those machines down the street are one big
network? I'm not sure if roadrunner works the same as athome, but I've
heard of this online. My friend who uses roadrunner claims to have had his
clock fiddled around with in Windows, discovering the error when he tried
to reboot and it gave the message of other users connected on the system,
and Network Neighborhood brought him to a DOS box.
In Windows, ports 135, 138, and 139 are probably always open, but you can't
do much too useful with them.
At 05:43 PM 10/28/00 +1100, you wrote:
>Be aware that when a port is open it has to respond correctly in the
>3-way handshake so that machines can connect to it. Regarding pop, if you must
>have pop3 service, use apop or md5 style authentication.
>I'd think it better to block incoming pop on the cable interface
>and use imap with cram-md5 authentication but that isn't trivial to
>configure.
>
>Regards, Kerry.
>On Sat, Oct 28, 2000 at 02:23:35AM -0400, Frank J. Carmickle wrote:
>> Ok Brian.
>> How secure do you want this machine that lives on the wonderfully unsecure
>> network of athome?  I would imagine that you want something that's a
>> little tighter than what you have right now.  When I portscan you I see 21
>> 23 24 80 110 and 113.  Looks everything else is closed up.  My
>> recommendation to you is to get ssh on your box and forget about telnet
>> and ftp for starters.  Why you have pop3 waiting for connections is
>> something else I would think you would want shut down.  If you really need
>> http keep it.  However if you have another machine that you can
>> specifically set up as a firewall you will be a lot happier to know that
>> all of the traffic to your http server can be logged.  Same goes for
>> everything else.  
>> 
>> One thing that you really also want to have happening is some ipchains
>> rules setup so that your machine doesn't respond to portscans or ping
>> requests.  This should fool most people looking around to find someone
>> vulnerable.  I'll post an ipchain rule set that has a lot of this done for
>> you already.  Then Kerry can go over it with a fine tooth comb and tell me
>> what's wrong with it.
>> 
>> HTH
>> FC
>> 
>> 
>> On Fri, 27 Oct 2000, brian Moore wrote:
>> 
>> > Greetings all.  okay finally got my linux box up and all my services
>> > running the way I want.  my mail server is finally doing what I want.  I
>> > think I have all my ipchains rules setup right and plugged all the security
>> > holes I know of.  the one I'm not clear on is my port 25 security.  if this
>> > machine ever becomes a spam host, I will have to shoot myself so I want to
>> > make real sure that no one except those in my local network can use it.
>> > probably asking for trouble but got all my logging on verbose to see what
>> > happens.  can someone try and use my smtp server and see if you can.  if
>> > you notice anything else, let me know as well.
>> > 
>> > would really appreciate it.
>> > 
>> > host is bmoore.yi.org
>> > thanks.  brian.
>> > 
>> > 
>> > 
>> > _______________________________________________
>> > Speakup mailing list
>> > Speakup at braille.uwo.ca
>> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>> > 
>> 
>> 
>
>-- 
>--
>Kerry Hoath: kerry at gotss.eu.org
>Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
>ICQ UIN: 62823451
>