New Zealand ADSL Mailing List


Re: ADSL security

From: julian white <iceaxe_at_xtra.co.nz>
Date: Wed, 4 Apr 2001 11:40:15 +1200
Message-ID: <002d01c0bc97$717c77c0$654136d2@mutant>

the fact is many people forget to stop outgoing packets which tell the
world lots of stuff.

eg:

ipchains -A output -i $extif -p udp -s 0.0.0.0/0 -d 0.0.0.0/0 445 -j REJECT
ipchains -A output -i $extif -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 445 -j REJECT
ipchains -A output -i $extif -p udp -s 0.0.0.0/0 -d 0.0.0.0/0 137:138 -j REJECT
ipchains -A output -i $extif -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 137:139 -j REJECT

or better explicitly reject all outgoing (as you would explicitly deny all
incoming) and allow only services you need to access.

vpn and TS remote admin mode is a very secure way to remotely admin a
win2kserver box.

julian

----- Original Message -----
From: "Michael Bordignon" <michael.b@infometrics.co.nz>
To: <richard@cheesemelt.com>; <adsl@unixathome.org>
Sent: Wednesday, April 04, 2001 8:42 AM
Subject: RE: ADSL security

> that's why you secure it :)
>
>
>
> -----Original Message-----
> From: richard@cheesemelt.com [mailto:richard@cheesemelt.com]
> Sent: Wednesday, 4 April 2001 12:45 AM
> To: adsl@unixathome.org
> Subject: RE: ADSL security
>
>
>
> www.dslreports.com/scan shows how many people have their hard drive for all
> to see when they get port scanned. Got to be a worry.
>
> Actually I'm happier that I have a windows firewall rather than *nix. If my
> windows box gets broken into, they can't do anything (you know how hard it
> is to do anything with windows remotely), where a broken Linux firewall can
> do lots of snooping/damage to my internal network.
>
> Richard
>
>
>
>
> > -----Original Message-----
> > From: owner-adsl@unixathome.org [mailto:owner-adsl@unixathome.org]On
> > Behalf Of dan the person
> > Sent: Tuesday, 3 April 2001 11:42 p.m.
> > To: adsl@unixathome.org
> > Subject: ADSL security
> >
> >
> > Heh, I found this amusing after looking into my samba logs that
> > have accumulated over the last 12 months.
> >
> > Hope there are no windows users with internal cards or USB modems
> > who have a writeable share on their windows drive.
> >
> > [root@insomniac samba]$ grep "couldn't find service c" *
> > log.05: 05 (210.218.232.166) couldn't find service c
> > log.05: 05 (210.218.232.166) couldn't find service c
> > log.10: 10 (210.108.33.140) couldn't find service c
> > log.10: 10 (210.108.33.140) couldn't find service c
> > log.13: 13 (210.98.236.206) couldn't find service c
>
> >
>
>
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@unixathome.org
> with "unsubscribe adsl" in the body of the message
>

Received on Wed Apr 4 11:40:46 2001
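
The grep over the Samba logs quoted at the start of this thread, extended into a per-address summary of failed lookups for drive-letter shares. This is an added example, not part of any poster's message; the function names are hypothetical, the sample lines and addresses are constructed, and it generalizes from the single share "c" to any single-letter share name.

```shell
#!/bin/sh
# Added example: count failed Samba share lookups per source address.
# Input is grep output in the shape shown in the thread:
#   log.05: 05 (203.0.113.7) couldn't find service c

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
log.05:  05 (203.0.113.7) couldn't find service c
log.05:  05 (203.0.113.7) couldn't find service c
log.10:  10 (198.51.100.20) couldn't find service c
log.11:  11 (198.51.100.20) couldn't find service d
log.13:  13 (192.0.2.99) couldn't find service printers
log.13:  13 (192.0.2.99) connect to service public as user nobody
EOF
}

# Print "count address share" for every failed lookup of a single-letter
# share name (a drive letter such as c or d), most frequent first.
drive_share_probes() {
    awk '
    /couldn.t find service / {
        # The source address is the text between "(" and ")".
        if (!match($0, /\([0-9.]+\)/)) next
        addr = substr($0, RSTART + 1, RLENGTH - 2)
        share = tolower($NF)
        sub(/\$$/, "", share)            # treat c$ the same as c
        if (share !~ /^[a-z]$/) next     # keep drive-letter names only
        hits[addr " " share]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3
}

sample_log | drive_share_probes
```

On a real host, feed it the log files directly, for example `cat log.* | drive_share_probes`, and use the resulting addresses to confirm that the external interface is not answering on ports 137:139 and 445.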


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:10 2006 EST