From: Ronan Waide (waider at domain waider.ie)
Date: Sun 07 Jul 2002 - 21:50:12 IST
On June 19, kevin at domain ie.suberic.net said:
> first, the following is how i set up the network security on my 7.3 box.
> not sure if this is the best way to do it - particularly in light of
> the problems i describe later on. comments?
Yes, almost a month later, your cow orker replies. Jeez. Slow email in
these parts, or something. Anyway. To set up my own internet-facing
box to my satisfaction, I did this:
1. Log into something out in the real world and portscan my box.
2. Find out what the services are that I don't need/recognize, kill
them.
3. Configure the services that I do need to not listen on the
Internet-side interface (i.e. ppp0), unless they're specifically
needed there. Anything that can't be so configured is configured to
require authentication and/or require access only from my internal
network [1]. Anything that STILL can't be configured according to
any of these options, I figure out if I really really need it,
discover that I don't, and can the service in question.
That pretty much covered me and my little dialup server. I don't have
any ipchains or iptable or ipwotsit rules; I occasionally hang a
tcpdump process off the ppp interface to see what's keeping it up and
running (you'd be surprised. I had to phone an office in the UK to ask
them to stop their GRE tunnel from trying to connect to my
server. /they/ were pretty surprised.) and I occasionally run
honeypots for things like NIMDA (more of a venus flytrap. It calls
back on the incoming connection and attempts to use the nimda
infection to disable the server in question). My main reason for not
using ipchains/iptables is that I don't want to find that my server is
hanging its arse out in the breeze because I forgot to enable the
firewalling rules.
Comments on this approach would also be appreciated.
Waider.
P.S. Oh, I do use iptables. I have to NAT the eth network out through ppp0.
[1] This always reminds me of the should-have-been-Steven-Wright line,
"I got an internal modem fitted, now it hurts when I walk"
-- waider at domain waider.ie / Yes, it /is/ very personal of me. "this is wonky. i am using pentium based linux system to make a 68000 executable with the source and .o and smbfs mounted dir from an NT server and the includes from a NFS server" - Jonathan Vail
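Step 3 of the procedure above (make sure every daemon you keep is bound to loopback or the LAN-side interface rather than to ppp0, and that anything still reachable from outside is there on purpose) is the part that drifts over time, so here is an inside-the-box check for it. This is an added example, not code from the original post or from any of the people in this thread: it parses socket listings in the style of `ss -tuln` (constructed sample lines below, not captured from a real machine), takes the LAN-side address (assumed to be 192.168.1.1) and an allowlist of ports you actually want on the Internet side, and flags everything else that is bound to a wildcard or public address. The external portscan in step 1 remains the real ground truth; this script only tells you what the host thinks it is offering.

```shell
#!/bin/sh
# Constructed sample in the shape of `ss -tuln` output (netid, state, recv-q,
# send-q, local address:port, peer address:port). On a real box you would run:
#     ss -tuln | audit_listeners 192.168.1.1 "tcp/22"
# Addresses and ports here are made up for the example.
SAMPLE_LISTENERS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      50     192.168.1.1:139    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    [::]:80            [::]:*
tcp   LISTEN 0      128    [::1]:631          [::]:*'

# audit_listeners INTERNAL_ADDR ALLOWED_PUBLIC_PORTS
#   stdin : `ss -tuln`-style lines (header line optional)
#   stdout: one verdict per socket
#   exit  : 0 if everything reachable from the Internet side is on the
#           allowlist, 1 otherwise (so it can gate a cron job or a boot check)
audit_listeners() {
    internal="$1"            # address on the LAN-side interface (assumed 192.168.1.1)
    allowed=" $2 "           # e.g. "tcp/22 tcp/80"; padded for whole-word matching
    bad=0
    while read -r netid _state _rq _sq local _peer; do
        [ -n "$netid" ] || continue
        [ "$netid" != "Netid" ] || continue        # skip the header if present
        port="${local##*:}"                        # text after the last colon
        addr="${local%:*}"                         # everything before it, incl. [::] forms
        case "$addr" in
            127.*|'[::1]')          scope=loopback ;;
            0.0.0.0|'[::]'|'*')     scope=wildcard ;;   # every interface, ppp0 included
            "$internal")            scope=internal ;;   # LAN side only: fine
            *)                      scope=public ;;     # some other specific address
        esac
        case "$scope" in
            loopback|internal)
                printf 'ok       %s/%s bound to %s (%s)\n' "$netid" "$port" "$addr" "$scope" ;;
            *)
                case "$allowed" in
                    *" $netid/$port "*)
                        printf 'EXPOSED  %s/%s on %s (on allowlist)\n' "$netid" "$port" "$addr" ;;
                    *)
                        printf 'EXPOSED  %s/%s on %s: bind to %s, firewall it, or disable\n' \
                            "$netid" "$port" "$addr" "$internal"
                        bad=$((bad + 1)) ;;
                esac ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone run over the constructed sample: sshd on 22 is the only thing
# we mean to offer to the world, so portmapper on udp/111 and the web server
# on [::]:80 should come out flagged.
if printf '%s\n' "$SAMPLE_LISTENERS" | audit_listeners 192.168.1.1 "tcp/22"; then
    echo "audit: nothing unexpected is listening on the Internet side"
else
    echo "audit: unexpected Internet-facing sockets, see lines marked EXPOSED"
fi
```

Note that a daemon bound to the wildcard address is reported as exposed even when a packet filter would drop it: that is deliberate, since the post's whole point is not to depend on firewall rules being loaded. Binding to a specific address (`ListenAddress` in sshd, `inet_interfaces` in Postfix, `interfaces`/`bind interfaces only` in Samba, and so on) is what makes the service safe even when the rules are not there.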
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:43 GMT