
Re: [cobalt-users] ipchains logic/philosophy question



When a service is not running, the server does respond. It rejects the
request. That can help a potential attacker map your network. A DENY
just drops the packet, which means that the attacker doesn't get a
response, as if your machine wasn't there at all.
As for DENYing access to telnet and ftp ports (SSH and other login
services should be lumped in there as well), it should be used as a
limiter to narrow down the number of people that can use them.

If you know that there are only 2 people besides yourself that are going
to use SSH, it's good practice to limit the access to the 3 IP addresses
you are coming from. No reason to let the rest of the world in as well.



Shannon Johnston


On Tue, 2002-10-15 at 17:13, Paul Warner wrote:
> I have reviewed the docs on ipchains and am ready to implement it on a
> server, but am still confused as to its real purpose.  Were the host acting
> as a router and using the chains to allow/forward/deny access to internal
> resources as well as public ones, I would be OK with it...if a standalone
> leased server is acting as a public device hosting DNS, v-servers, SMTP, POP
> and other service are not started (verified with a port-scan), what purpose
> does ipchains serve in DENYing access to the telnet and ftp ports, other
> than to log the intrusion when someone hits that port?  The server does not
> have these daemons running, so there's no question that it won't respond to
> them.
> 
> Obviously I'm missing something here...
> 
> -- P
> 
> 
-- 
"Tetris is so unrealistic."
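An added example, not part of the thread, of the allowlist approach described above written as an ipchains script: SSH accepted only from three constructed addresses (192.0.2.10, 192.0.2.11, 198.51.100.7), everything else to port 22 logged and DENYed, and the daemon-less telnet/ftp ports DENYed so the kernel never answers with a RST. The valid_addr helper and the IPCHAINS/apply conventions are my own assumptions, not ipchains features.

```shell
# Added example (not from the thread). Allows SSH only from a short allowlist and
# silently DENYs the telnet/ftp ports that have no daemon behind them, using
# ipchains as the thread does. Addresses below are constructed placeholders.
IPCHAINS="${IPCHAINS:-ipchains}"

# Constructed allowlist (RFC 5737 documentation ranges): you plus two users.
SSH_ALLOW="192.0.2.10 192.0.2.11 198.51.100.7"

# Accept a dotted quad, optionally with /prefix, and nothing else.
valid_addr() {
  addr="${1%%/*}"
  prefix="${1#"$addr"}"; prefix="${prefix#/}"
  case "$prefix" in
    "") ;;
    *[!0-9]*) return 1 ;;
    *) [ "$prefix" -le 32 ] || return 1 ;;
  esac
  n=0; oldifs=$IFS; IFS=.
  for o in $addr; do
    case "$o" in ""|*[!0-9]*) IFS=$oldifs; return 1 ;; esac
    [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
    n=$((n + 1))
  done
  IFS=$oldifs
  [ "$n" -eq 4 ]
}

# One ACCEPT per allowlisted source, then a logged (-l) DENY for everyone else.
# DENY drops the packet with no reply, so the host looks absent; REJECT would answer.
ssh_rules() {
  for ip in $SSH_ALLOW; do
    valid_addr "$ip" || { echo "bad address in SSH_ALLOW: $ip" >&2; return 1; }
    "$IPCHAINS" -A input -p tcp -s "$ip" -d 0.0.0.0/0 22 -j ACCEPT
  done
  "$IPCHAINS" -A input -p tcp -d 0.0.0.0/0 22 -l -j DENY
}

# Telnet (23) and FTP (21) have no daemon, but without a rule the kernel still
# answers a closed port with a RST that confirms the host is up; DENY sends nothing.
unused_login_rules() {
  for port in 21 23; do
    "$IPCHAINS" -A input -p tcp -d 0.0.0.0/0 "$port" -l -j DENY
  done
}

apply_rules() { ssh_rules && unused_login_rules; }

# Run as "sh ssh-allowlist.sh apply" on the ipchains host; with no argument the
# functions are only defined, and IPCHAINS=echo turns a run into a dry run.
if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run with IPCHAINS=echo first to review the exact rules before applying them on the Cobalt host.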