[NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
Cameron
hrothgar at endor.hsutx.edu
Thu Jan 11 11:00:32 CST 2001
* egbert at efficient.com [2001.01.10 17:25]:
: Actually, I think you would have a better chance of coverage if you do the
: following:
:
: /etc/hosts.deny
: ALL: tci.net, tci.com, home.net, att.net
:
:
: HOME.NET is used frequently by @Home corporate and network operation center.
:
: But, as a warning, this hosts.deny would not stop unregistered IP address or
: contracted security-scanner hosts.
:
: S
Actually, the better way to cover your butt is this:

/etc/hosts.deny
ALL: ALL

/etc/hosts.allow
ALL: 127.0.0.1
sshd: 10.10.2.

Where your hosts.allow is a list of services and IPs/networks you
"trust". And of course, use firewalling. There is a *massive*
firewalling script on freshmeat that I usually steal ideas from. It's
way too complicated/bloated for my general usage, but you can check it
out here: http://freshmeat.net/projects/rc.firewall/
--
cameron
[ I spilled spot remover on my dog. He's gone now. ]
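
Added example (not part of the original post, and not tcpd's own code): a simplified Python model of the hosts_access(5) lookup order, run over the two rule sets from this thread. The client addresses and host names are constructed, and only the pattern forms named in the comments are handled.

```python
# Simplified model of hosts_access(5) evaluation; an added example, not tcpd's code.
# Handles only: ALL, exact host/address, "10.10.2." prefix, ".example.net" suffix.

def parse_rules(text):
    """Turn 'daemon_list: client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        tokens = lambda s: s.replace(",", " ").split()
        rules.append((tokens(fields[0]), tokens(fields[1])))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):    # matches the leading numeric fields of an address
        return addr.startswith(pattern)
    if pattern.startswith("."):  # matches the trailing components of a host name
        return bool(name) and name.lower().endswith(pattern.lower())
    # Anything else is an exact match; "home.net" does not cover "x.home.net".
    return pattern.lower() in (addr, (name or "").lower())

def decide(daemon, addr, name, allow, deny):
    """hosts.allow first (match grants), then hosts.deny (match denies), else grant."""
    for verdict, rules in ((True, allow), (False, deny)):
        for daemons, clients in rules:
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(p, addr, name) for p in clients):
                return verdict
    return True

# Rule sets from the thread.
DENYLIST = ([], parse_rules("ALL: tci.net, tci.com, home.net, att.net"))
DEFAULT_DENY = (parse_rules("ALL: 127.0.0.1\nsshd: 10.10.2."), parse_rules("ALL: ALL"))

# Constructed clients (documentation addresses and made-up host names).
CLIENTS = [("sshd", "10.10.2.7", None),
           ("in.ftpd", "10.10.2.7", None),
           ("sshd", "10.10.20.5", None),
           ("sshd", "192.0.2.50", "scanner.example.net"),
           ("sshd", "192.0.2.60", "cx1234.home.net")]

if __name__ == "__main__":
    for daemon, addr, name in CLIENTS:
        print(f"{daemon:8} {addr:12} {name or '-':20}",
              "denylist:", decide(daemon, addr, name, *DENYLIST),
              "default-deny:", decide(daemon, addr, name, *DEFAULT_DENY))
```

On a host with tcp_wrappers installed, tcpdmatch answers the same question against the live hosts.allow and hosts.deny files.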