need a volunteer
Kerry Hoath
kerry at gotss.eu.org
Sat Oct 28 20:36:10 EDT 2000
You might want to put an interface specifier on these rules;
otherwise somebody upstream can spoof IPs through your firewall by making
internal IPs show up on the external interface, so do bind the rule to a
particular interface. This was a big problem with MS Proxy 2,
which wouldn't let you specify an interface for a particular rule.
On Sat, Oct 28, 2000 at 01:40:23PM -0500, Kirk Wood wrote:
> By the way any port can be instantly closed with ipchains. Again the
> general method is:
>
> ipchains -A input -p tcp -d your_ip_address port -j DENY
>
> This will drop the packet as if it never occurred. You can change the last
> part to REJECT in which case an icmp message is sent back to the
> originating host. But if you DENY the packet a port scanner won't see your
> machine. Don't rely on this to say you won't be attacked. It just lowers
> your profile.
>
> By the way, while ATT at Home is less secure than some ISPs, the internet
> in general is a hostile world. If you really want to secure against it cut
> the connection. Next would be to find an ISP that will place you behind
> their firewall.
>
> =======
> Kirk Wood
> Cpt.Kirk at 1tree.net
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451
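
The interface-binding point in the reply above, as an added example that is not part of the original post: a small Python model of first-match input-chain evaluation, comparing a rule that trusts LAN source addresses on any interface with rules bound to an interface. The interface names (eth0 external, eth1 internal), the LAN range and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    src: str                     # source network the rule matches
    target: str                  # "ACCEPT" or "DENY"
    iface: Optional[str] = None  # None = matches on every interface

@dataclass
class Packet:
    src: str    # claimed source address (the sender controls this field)
    iface: str  # interface the packet actually arrived on

def evaluate(chain, pkt, policy="DENY"):
    """First matching rule wins; fall through to the chain policy."""
    for rule in chain:
        if rule.iface is not None and rule.iface != pkt.iface:
            continue  # rule is bound to a different interface
        if ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src):
            return rule.target
    return policy

# Constructed setup (assumption): eth0 = external, eth1 = internal.
LAN = "192.168.1.0/24"

# Weak: trusts the LAN source range wherever the packet arrives.
UNBOUND = [Rule(LAN, "ACCEPT")]

# Bound: the ipchains equivalents would be
#   ipchains -A input -i eth0 -s 192.168.1.0/24 -j DENY
#   ipchains -A input -i eth1 -s 192.168.1.0/24 -j ACCEPT
BOUND = [Rule(LAN, "DENY", iface="eth0"),
         Rule(LAN, "ACCEPT", iface="eth1")]

SPOOFED = Packet("192.168.1.50", "eth0")  # LAN source seen on the outside
GENUINE = Packet("192.168.1.50", "eth1")  # same source, inside interface

def compare(pkt):
    """Return (verdict without interface binding, verdict with it)."""
    return evaluate(UNBOUND, pkt), evaluate(BOUND, pkt)

if __name__ == "__main__":
    print("spoofed:", compare(SPOOFED))
    print("genuine:", compare(GENUINE))
```
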