Re: [suse-security] Re: supplied firewall package robustness
Who are you calling paranoid??? :)

BTW, this begs another question. If I notice "strange things" happening, should I notify someone? I.e., I keep getting pings, scans and connects to ports 21, 23, 53 (ftp, telnet, dns, none of which are used on my system) from the same 4-5 locations. Should I attempt to notify someone in those domains? I would suspect that in those domains, some non-hardened Linux install has been compromised and is being used as a base for "recon" scans. Or am I just being paranoid and jumping the gun?

Also, since I'm such a newbie to network security, what are other good sources of hard data, info, etc.? Thanks.

-Jason

--- Hubert Mantel <mantel@suse.de> wrote:
Hi,
On Fri, Aug 18, Jason P. Stanford wrote:
I have taken a recent and deep interest in network security since installing SuSE 6.4 and OpenBSD on some spare machines in my lab. Of late I have noticed a lot of (possibly) suspicious activity, which probably shouldn't be too suspicious in a university setting. However, I am wondering just how robust and "impervious" the firewall package supplied with SuSE is? I only have ssh listening (on default port 22) through the firewall and a test web server on port 8080 (under my regular user uid and gid with no scripting or cgi by default). All other running daemons/servers are blocked (assumedly) by the firewall. Also, everything is deactivated in /etc/inetd.conf. /etc/hosts.deny is set to ALL: ALL and /etc/hosts.allow is set to sshd: ALL. That's it. Am I pretty safe, or should I still be paranoid? BTW, the machine is not acting as a router or NATS box. It is standalone only.
Given the firewall is set up properly, it sounds quite good. But even with the best firewall, you should always be paranoid. Only the paranoid will survive ;)
-Jason

Hubert Mantel
Goodbye, dots...
Hi Jason,
BTW, this begs another question. If I notice "strange things" happening, should I notify someone? I.e., I keep getting pings, scans and connects to ports 21, 23, 53 (ftp, telnet, dns, none of which are used on my system) from the same 4-5 locations. Should I attempt to notify someone in those domains? I would suspect that in those domains, some non-hardened Linux install has been compromised and is being used as a base for "recon" scans.
I think an email to abuse@bad.domain.com won't hurt anyone.
Or am I just being paranoid and jumping the gun? Also, since I'm such a newbie to network security, what are other good sources of hard data, info, etc.? Thanks.
There are a lot of good resources for networking security out there... A good start could be Marc's security related bookmark list.
http://www.suse.de/~marc/bookmarks.html

Regards
Alex

PS: I don't think this list should be moderated. We sure can handle those few off-topic postings.
Participants (2): Alexander Bien, Jason P. Stanford