HI Bruce et al... On Saturday 23 November 2002 19:05, Bruce Marshall wrote:

On Saturday 23 November 2002 8:25 am, James Hatridge wrote:

...

My setup is my system "Opus" is connected to the 'net by a 56k modem. My wife's system "CW" is connected to Opus by a home net. Opus is running a standard install (with X) of SuSE 8.1 and CW is runnning a standard (no X) install of SuSE 7.2. Can someone give a simple 123 example of getting CW on to the 'net. Also is it needed for Opus to run a firewall? I've never needed one, but what I've read looks like I will need to start one for masquerading.

Never needed a firewall?? That's like saying you don't need locks on the doors of your house because you've never been robbed... Until you are robbed...

Well, I've used Linux only to connect to the 'net since October '98 and I've never had a problem. Of course I'm only on the 'net about 30 minutes per day. What could happen in that short time? (This is an honest question, do tell me if anything could happen. )

By the way, if you end up running SuSEfirewall2, make sure you get the updates. It is broken as it comes out of the box on 8.1, at least in my opinion.

I'll send you my SuSEfirewall2 config off-list. Please do that for me.

Thanks JIM -- Jim Hatridge Linux User #88484 ------------------------------------------------------ BayerWulf Linux System # 129656 The Recycled Beowulf Project Looking for throw-away or obsolete computers and parts to recycle into a Linux super computer

On Saturday 23 November 2002 13:56 pm, James Hatridge wrote:

Well, I've used Linux only to connect to the 'net since October '98 and I've never had a problem. Of course I'm only on the 'net about 30 minutes per day. What could happen in that short time? (This is an honest question, do tell me if anything could happen. )

Somewhere on this list (or another) within the past week I read that one person's experience was that 'someone would attempt knocking on his (computer) door' within 15 mins of going on line, on a regular basis. I don't watch the logs that closely anymore but the last time I did, someone was trying to get into my machine about 9 times a day on average. There are a lot of 'exploits' out on the net where a script-kiddie can download soemthing that can break into your computer within seconds if your door is wide open and you're running the software for which the exploit was written. In any case... it *is* possible to have your machine wiped within any 30 minute period you might be online... (or whatever other trick they want to pull) -- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 11/23/02 16:22 + +----------------------------------------------------------------------------+ "Never say anything more predictive than "Watch this!"

On Saturday 23 November 2002 20:28 pm, zentara wrote:

On Sat, 23 Nov 2002 16:25:52 -0500

Bruce Marshall wrote:

...

On Saturday 23 November 2002 13:56 pm, James Hatridge wrote:

...

Well, I've used Linux only to connect to the 'net since October '98 and I've never had a problem. Of course I'm only on the 'net about 30 minutes per day. What could happen in that short time? (This is an honest question, do tell me if anything could happen. )

Somewhere on this list (or another) within the past week I read that one person's experience was that 'someone would attempt knocking on his (computer) door' within 15 mins of going on line, on a regular basis. I

Yeah, most people will get regularly scanned when they are on the net. I'll bet the government does alot of that. I run stealth mode, and only log critical drops, and I see some unknown ip address is trying to access oddball ports on my machine occaisionally.

...

In any case... it *is* possible to have your machine wiped within any 30 minute period you might be online... (or whatever other trick they want to pull)

I wonder if that is true. Theoretically, if you have your services shut down, you are not running online as root, and your pppd daemon dosn't have a security flaw, it would be hard for someone on the net to get into your machine. But most people have their printer service going, and most newbies have almost every default service turned on. This definitely opens you up to Denial of Service attacks. All you need to do is visit a website who grabs your referer url, and they can start an automatic port scan on you, or hack away at your mail port to see if they can get an open relay, or they will see if they can hack your ssh server. At the very least, this steals your bandwidth, and can seem to lock up your machine.

Speaking of ssh server... I've never heard anyone else mention placing the ssh port on some high port where it won't be found. I do this routinely and watch happily when someone is beating on port 22. Seems like it should be a normal operation. Not too many people would be opening ssh access to the world.

Of course a firewall is the best method of protection. I just wonder how dangerous it is to be online without a firewall, with all the latest security patches, and running as a normal user. It might be a nice research project project to do this on a number of test machines, and capture everything with something like ethereal, then do an analysis. Of course, I'm not going to volunteer to do this with my machine. :-)

-- +----------------------------------------------------------------------------+ + Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 11/23/02 21:02 + +----------------------------------------------------------------------------+ "Give a man a fish and he will eat for a day. Teach him how to fish, and he will sit in a boat and drink beer all day."

I have an iptables script with iptables -A POSTROUTING -t nat -j MASQUERADE -o eth0. When I issue "iptables -L" command I do not have information related to PORTROUTING chain. Only INPUT FORWARD and OUTPUT chains. Is it OK? POSTROUTING chain is not reported?

Little t On Mon, 2002-11-25 at 06:01, Dan Am wrote:

Am Montag, 25. November 2002 14:19 schrieb Flavio Arthur Leal Ferreira:

...

When I issue "iptables -L" command I do not have information related to PORTROUTING chain.

iptables -t nat -L

hth dan

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

Take a look at www.linuxgurz.net look under iptables... about 2 dozen sample scripts and setups. On Sun, 2002-11-24 at 19:08, Rob Benton wrote:

The link eludes me at the moment but just do a search on it over at http://www.tldp.org

-- kathee

two glasses of wine -- sorry -- it is: www.linuxguruz.org embarrassed, Kat On Sun, 2002-11-24 at 17:14, Rikard Johnels wrote:

On Sunday 24 November 2002 23.09, kathee wrote:

...

www.linuxgurz.net

Dead URL... What is the real one? --

/Rikard

------------------------------------------------------------------------------------ Rikard Johnels email : rjhn@linux.nu Web : http://www.rikjoh.com Mob : +46 70 464 99 39

------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 > -- kathee