Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] is it "safe" ?
  • From: Stephan Martin <s.martin@xxxxxx>
  • Date: Wed, 6 Dec 2000 21:52:19 +0100
  • Message-id: <20001206215219.A8362@xxxxxxxxxxxxxxxxxxx>
HiHo...

> I was asking myself how secure is a system when there are no services
> running on it. I have here a Linux-Box which acts as a Masquerading-Gateway.
> There a no services running on it, just the Masq-Script as described in the
> SuSE Support Database (just the Standard). I haven't worked much with Linux,
> but when no services like WWW or SMTP are running it should be nearly safe
> or not?

I don't tyhink, thats a very good idea. It may be save for this one
machine, but not for all the machines in the internal network.

If we really talk about the same script from the sdb it does nothing more,
than this one command:

ipchains -A forward -i $WORLD_DEV -j MASQ

And this means, that every traffic will be transported without any
filtering(!) like mentioned in the article.

If you have an eye on security issues, you should use SuSEfirewall like
described in the rest of the article and only allow masquerading for some
special services which you really need and block everything from the
outside.

If you are talking about any other script forget the stuff above.

stephan

--
t="\$_='for(\$i=-2;\$_=substr(\"2720ab25409d2500f82310a6272\",\$i+=2,3);){
.~.
/V\ s.martin@xxxxxx
/( )\
^ ~ ^ \$_=\$i++%2?hex:oct;\$_=chr(\$_%(2**2*22));\$_=\$i?lc():{};print;
}';s/\( +\)|[\w\.]+\@[^ ]+|[.\/V~^\\\]+| {2,}//g;eval \$_;" && echo $t|perl
< Previous Next >
References