need a volunteer
Kerry Hoath
kerry at gotss.eu.org
Sat Oct 28 20:40:17 EDT 2000
Not much; just bluescreen crash or rebbot an unpatched win95 or win98 box
On Sat, Oct 28, 2000 at 02:21:35PM -0500, Brent Harding wrote:
> Regarding security on cable, is it really an issue that if things aren't
> set up right that people down the street from you have easier access to
> your machine because all those machines down the street are one big
> network? I'm not sure if roadrunner works the same as athome, but I've
> heard of this online. My friend who uses roadrunner claims to have had his
> clock fiddled around with in windows, discovering the error when he tried
> to reboot and it gave the message of other users connected on the system,
> and network neighborhood brought him to a dos box.
> In windows, ports 135, 138, and 139 are probably always open, but you can't
> do much too usefull with them.
> At 05:43 PM 10/28/00 +1100, you wrote:
> >Be aware that when a port is open it has to respond correctly in the
> >3-way handshake so that machines can connect to it. Regarding pop if you must
> >have pop3 service; use apop or md5 style authentication.
> >I'd think it better to block incoming pop on the cable interface
> >and use imap with cram-md5 authentication but that isn't trivial to
> configure.
> >
> >Regards, Kerry.
> >On Sat, Oct 28, 2000 at 02:23:35AM -0400, Frank J. Carmickle wrote:
> >> Ok Brian.
> >> How secure do you want this machine that lives on the wonderfully unsecure
> >> network of athome? I would imagine that you want something that's a
> >> little tighter then what you have right now. When I portscan you I see 21
> >> 23 24 80 110 and 113. Looks everything else is closed up. My
> >> recommendation to you is to get ssh on your box and forget about telnet
> >> and ftp for starters. Why you have pop3 waiting for connections is
> >> something else I would think you would want shut down. If you really need
> >> http keep it. However if you have another machine that you can
> >> specifically set up as a firewall you will be a lot happier to know that
> >> all of the trafic to your http server can be logged. Same goes for
> >> everything else.
> >>
> >> One thing that you really also want to have happening is some ipchains
> >> rules setup so that your machine doesn't respond to portscans or ping
> >> requests. This should fool most people looking around to find someone
> >> valnerable. I'll post a ipchain rule set that has a lot of this done for
> >> you already. Then Kerry can go over it with a fine tooth comb and tell me
> >> what's wrong with it.
> >>
> >> HTH
> >> FC
> >>
> >>
> >> On Fri, 27 Oct 2000, brian Moore wrote:
> >>
> >> > Greetings all. okay finally got my linux box up and all my services
> >> > running the way I want. my mail server is finally doing what I want. I
> >> > think i have all my ipchains rules setup right and pluged all the
> security
> >> > holes I know of. the one I'm not clear on is my port 25 security. if
> this
> >> > machine ever becomes a spam host, I will have to shoot myself so I
> want to
> >> > make real sure that no one except those in my local network can use it.
> >> > probably asking for trouble but got all my logging on verbose to see what
> >> > happens. can someone try and use my smtp server and see if you can. if
> >> > you notice anything else, let me know as well.
> >> >
> >> > would really apreciate it.
> >> >
> >> > host is bmoore.yi.org
> >> > thanks. brian.
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > Speakup mailing list
> >> > Speakup at braille.uwo.ca
> >> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >> >
> >>
> >>
> >> _______________________________________________
> >> Speakup mailing list
> >> Speakup at braille.uwo.ca
> >> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >--
> >--
> >Kerry Hoath: kerry at gotss.eu.org
> >Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
> >ICQ UIN: 62823451
> >
> >
> >_______________________________________________
> >Speakup mailing list
> >Speakup at braille.uwo.ca
> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >
> >
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
--
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451
More information about the Speakup
mailing list