need a volunteer
Brent Harding
bharding at ufw2.com
Sat Oct 28 15:26:12 EDT 2000
Does sftp work similar to regular ftp? I've heard another bad service to
leave running is tftp, as I've heard it's unauthenticated anyways. I'd
probably leave pop open, ftp only if I really needed a place to put files
for anonymous ftp, download only of course. Can most programs people use
handle the nonstandard authentication that would make pop safer, like apop
or md5?
In email clients I've used, I've never found settings for md5, but I think
eudora has apop.
At 03:52 AM 10/28/00 -0700, you wrote:
>Hey, FC!
>Can you please attach this file with chain rules for me as well?
>WOuld be much grateful.
>
>Why did you say to shutdown the 110 and 113 ports. They are used for serving
>POP3 client. Don't you need to get your Email once in a while? I would
>definitely agree with 23 and 21 to be exchanged for SSH service which also
>provides sftp.
>
>Vic
>
>******* ******* *******
>have you thought of visiting Cybertsar's Internet Kingdom? It is still
>alive!
>Here is the URL:
>http://go.to/vtsaran
>or
>http://kickme.to/vtsaran
>
>******* ******* *******
>----- Original Message -----
>From: "Frank J. Carmickle" <frankiec at braille.uwo.ca>
>To: "brian Moore" <admin at bmoore.yi.org>
>Cc: <speakup at braille.uwo.ca>
>Sent: Friday, October 27, 2000 11:23 PM
>Subject: Re: need a volunteer
>
>
>> Ok Brian.
>> How secure do you want this machine that lives on the wonderfully unsecure
>> network of athome? I would imagine that you want something that's a
>> little tighter then what you have right now. When I portscan you I see 21
>> 23 24 80 110 and 113. Looks everything else is closed up. My
>> recommendation to you is to get ssh on your box and forget about telnet
>> and ftp for starters. Why you have pop3 waiting for connections is
>> something else I would think you would want shut down. If you really need
>> http keep it. However if you have another machine that you can
>> specifically set up as a firewall you will be a lot happier to know that
>> all of the trafic to your http server can be logged. Same goes for
>> everything else.
>>
>> One thing that you really also want to have happening is some ipchains
>> rules setup so that your machine doesn't respond to portscans or ping
>> requests. This should fool most people looking around to find someone
>> valnerable. I'll post a ipchain rule set that has a lot of this done for
>> you already. Then Kerry can go over it with a fine tooth comb and tell me
>> what's wrong with it.
>>
>> HTH
>> FC
>>
>>
>> On Fri, 27 Oct 2000, brian Moore wrote:
>>
>> > Greetings all. okay finally got my linux box up and all my services
>> > running the way I want. my mail server is finally doing what I want. I
>> > think i have all my ipchains rules setup right and pluged all the
>security
>> > holes I know of. the one I'm not clear on is my port 25 security. if
>this
>> > machine ever becomes a spam host, I will have to shoot myself so I want
>to
>> > make real sure that no one except those in my local network can use it.
>> > probably asking for trouble but got all my logging on verbose to see
>what
>> > happens. can someone try and use my smtp server and see if you can. if
>> > you notice anything else, let me know as well.
>> >
>> > would really apreciate it.
>> >
>> > host is bmoore.yi.org
>> > thanks. brian.
>> >
>> >
>> >
>> > _______________________________________________
>> > Speakup mailing list
>> > Speakup at braille.uwo.ca
>> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
>> >
>>
>>
>> _______________________________________________
>> Speakup mailing list
>> Speakup at braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>_______________________________________________
>Speakup mailing list
>Speakup at braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>
More information about the Speakup
mailing list