Hello list, since I have recently read more and more often on this list that port scans frequently occur when bugs are newly discovered in various software, I would like, on my Linux machine (SuSE 6.4, server in the LAN, gateway to the Internet), to block the vulnerable ports with ipchains; in addition, the system should be immune to BO2K, ... attacks. Where can I find a collection or literature on which ports BO2K ... uses, and on which bugs make which ports insecure? (I have already looked in /etc/services and /etc/protocols, but there are always new bugs and BO2K derivatives.) Many thanks for your efforts, Dominic Burger
Internet), to block the vulnerable ports with ipchains; in addition, the
Where can I find a collection or literature on which ports
It is safer to block ALL ports and then reopen only the ports, and only in the direction, that are really needed. Regards, ar -- mailto:andreas@rittershofer.de http://www.rittershofer.de PGP-Public-Key http://www.rittershofer.de/ari.htm
SuSE-Security is an English mailing list. Maybe SuSE should note this on the website and on some other places, since so many people are doing wrong postings...
Internet), to block the vulnerable ports with ipchains; in addition, the
Where can I find a collection or literature on which ports
It is safer to block ALL ports and then reopen only the ports, and only in the direction, that are really needed.
Regards, ar
-- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
On Sat, Apr 07, 2001 at 15:31 +0200, Dominic Burger wrote:
since I have recently read more and more often on this list, [ ... ]
You should have noticed that this list is speaking English so that non German subscribers can follow it, too.
that port scans frequently occur when bugs are newly discovered in various software, I would like, on my Linux machine (SuSE 6.4, server in the LAN, gateway to the Internet), to block the vulnerable ports with ipchains; in addition, the system should be immune to BO2K, ... attacks.
"Blocking the dangerous ports" will *NOT* work. Make blocking your default policy and let through what's _known_ to be _necessary._ Identify what you need (you will notice it's almost nothing -- very much like browsing all the software packages at installation time ...) and act appropriately. Plus subscribe to security lists for the software you use (it looks like you already did so for your distro) and maybe some general lists like Bugtraq. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
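The default-deny approach recommended in the two replies above, written out as an ipchains ruleset. This is an added example, not part of any poster's message; the interface names, the LAN range and the set of allowed traffic are assumptions for a small masquerading gateway.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, LAN range and the
# allowed traffic are assumptions for a small masquerading gateway.
# Dry run by default (rules are printed); set IPCHAINS=/sbin/ipchains to apply.
IPCHAINS="${IPCHAINS:-echo ipchains}"
EXT_IF="${EXT_IF:-ppp0}"        # assumed Internet-facing interface
INT_IF="${INT_IF:-eth0}"        # assumed LAN interface
LAN="${LAN:-192.168.1.0/24}"    # assumed LAN address range
ANY="0.0.0.0/0"
HIGH="1024:65535"               # unprivileged ports used by clients and MASQ

ruleset() {
    # Flush old rules, then make "deny" the answer for anything unlisted.
    $IPCHAINS -F
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY
    $IPCHAINS -P output ACCEPT  # kept open here; tighten once input works

    # Local traffic and the trusted LAN side (forwarded packets cross
    # the input chain first, so LAN clients must be accepted here).
    $IPCHAINS -A input -i lo -j ACCEPT
    $IPCHAINS -A input -i "$INT_IF" -s "$LAN" -j ACCEPT

    # From the Internet: only replies to connections opened from inside.
    # "! -y" matches TCP packets that are not connection requests (SYN).
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -d "$ANY" "$HIGH" -j ACCEPT
    # DNS answers (UDP has no SYN flag, so match the server port instead).
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s "$ANY" 53 -d "$ANY" "$HIGH" -j ACCEPT
    # ICMP errors needed for path MTU discovery and unreachable reports.
    $IPCHAINS -A input -i "$EXT_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT

    # LAN clients leave masqueraded; nothing else is forwarded.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN" -j MASQ

    # Log whatever falls through, so scans show up in syslog.
    $IPCHAINS -A input -i "$EXT_IF" -l -j DENY
}

ruleset
```

ipchains is stateless, so the "! -y" rule admits any non-SYN TCP packet to a high port; the logged final DENY rule is where probes against closed ports become visible.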
-----Original Message----- From: Gerhard Sittig [mailto:Gerhard.Sittig@gmx.net] Sent: Saturday, 7 April 2001 21:29
... snip ...
Plus subscribe to security lists for the software you use (it looks like you already did so for your distro) and maybe some general lists like Bugtraq.
I did so a while ago. Funny is, that the mailserver, from which the bugtraq-list is distributed, has an entry in the ORBS-database. So my mailserver, which is configured to _not allow_ mails from hosts being in this database, denied these mails. I wrote several times to bugtraq to check their system and to be taken out of this database, but never got any reply besides the standard answer (we received your mail, bla bla bla...) So, how serious should I take a security-mailinglist which uses unsecure mailservers ? f.ex. Would you hire a network-administrator whose own network is down and which he can't get to work ? Me not ! I know this has not much to do with suse-security, but I think this is something that should be known... yours Stephan.
"OKDesign oHG Security Webmaster" <security@okdesign.de> writes:
Funny is, that the mailserver, from which the bugtraq-list is distributed, has an entry in the ORBS-database.
While I've heard that ORBS catches a lot of spam, it is also run by an individual who has been known on a number of occasions to add entries out of spite or as part of a personal agenda unrelated to blocking open relays. I would never use orbs as anything more than informational, and encourage everyone else to do the same. Brian.
-----Original Message----- From: bedmonds@antarcti.ca [mailto:bedmonds@antarcti.ca] Sent: Sunday, 8 April 2001 18:38
While I've heard that ORBS catches a lot of spam, it is also run by an individual who has been known on a number of occasions to add entries out of spite or as part of a personal agenda unrelated to blocking open relays. I would never use orbs as anything more than informational, and encourage everyone else to do the same.
Well, my experience is different. Once upon a time *gg* my mailserver was also open for relay and I received a mail from ORBS that my server was entered. I contacted the website of the board and the webmaster directly. On the website you can find, who gave the information about the unsecure webserver to ORBS. We contacted this person and were told what happened. So, for every entry in the database, you can see who is "responsible" for it. If there should be any entry which shouldn't be there you can find out what happened and let the entry be deleted. BTW: On the website you can enter the IP of your server and the server will be re-tested automatically. If there should be no open relay, the entry will be deleted, also automatically. So, I can't see any problem... yours --- Stephan
On Sun, Apr 08, 2001 at 07:33:27PM +0200, OKDesign oHG Security Webmaster wrote:
-----Original Message----- From: bedmonds@antarcti.ca [mailto:bedmonds@antarcti.ca] Sent: Sunday, 8 April 2001 18:38
While I've heard that ORBS catches a lot of spam, it is also run by an individual who has been known on a number of occasions to add entries out of spite or as part of a personal agenda unrelated to blocking open relays. I would never use orbs as anything more than informational, and encourage everyone else to do the same.
Well, my experience is different.
So it seems like you can listen to the experience of others so you can receive Bugtraq mail or you can go on being amongst the ORBS faithful, disregarding what anyone else has to say about it. If you really want to learn about ORBS, check the qmail list archives. ORBS comes up quite a lot. -- David Benfell benfell@parts-unknown.org --- Resume available at http://www.parts-unknown.org/resume.html
participants (7)
- Andreas Rittershofer
- Brian Edmonds
- David Benfell
- Dominic Burger
- Gerhard Sittig
- Markus Gaugusch
- OKDesign oHG Security Webmaster