[TriLUG] Security question
Christopher Knowles
knowlesc at telocity.com
Mon Aug 13 21:42:09 EDT 2001
On Monday 13 August 2001 08:25 pm, you wrote:
> Chris Knowles [knowlesc at telocity.com] wrote:
> > I've got a question for all the security conscious people out there...
> >
> > If you are running telnet and an unpatched WU-FTPD and need to have CVS
> > pserver running...
>
> And your IP address is...?
127.0.0.1 (Which brings me to a humorous anecdote. When I was in college,
this neophyte Pr0N Hax0R was talking about all these great FTP sites he'd
been going to for the best Pr0N. He'd set up his own server on his box... and
he wanted to know what the best server we were aware of was. We started
talking up this server, it had gigabytes of data. (This was 1994.) He was
all excited... asked for the IP. Told him... 127.0.0.1. The next day he
came up to us and told us he was disappointed, it seems that that server only
had stuff he had seen before. True story.)
>
> > So, is it better to have a firewall that drops almost everything to the
> > ground, or one that is open until it detects a scan? My gut says to drop
> > everything, if they can't get in they can't get in. But, it's kinda neat
> > to see the attempted scans.
>
> I think it's much better to just drop everything on the floor.
> You'll have your iptables logs, and you can pretty easily
> deduce a scan from them.
>
> Frankly, I don't care about the packets that don't get through. I
> care much more about the ones that -do- get through. Watching the
> port scans is fun for a few days, but it gets old. I think
> you'll be much better off just reading your firewall logs and
> dropping all.
>
> Mike
Yeah, that's the direction I was leaning in. I just figured that if
there was a good reason to do it the other way, someone out there would be
happy to correct me.
CJK
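
Added example, not part of the original thread: one way to deduce a scan from the logs of a drop-everything firewall, as suggested in the quoted reply. It assumes a LOG rule with the prefix "DROP: " sits ahead of the DROP rule and treats five distinct destination ports from one source as a scan; the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's iptables LOG format; the "DROP: " prefix
# is an assumed --log-prefix value, and all addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 13 21:40:01 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=21 SYN
Aug 13 21:40:01 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=23 SYN
Aug 13 21:40:02 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=25 SYN
Aug 13 21:40:02 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40004 DPT=80 SYN
Aug 13 21:40:03 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40005 DPT=2401 SYN
Aug 13 21:40:03 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=28 TTL=52 PROTO=UDP SPT=40006 DPT=111 LEN=8
Aug 13 21:40:04 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Aug 13 21:41:10 fw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=80 SYN
Aug 13 21:41:13 fw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=80 SYN
Aug 13 21:41:19 fw kernel: DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=80 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs written by the LOG target


def parse_line(line):
    """Return (src, proto, dport) for a logged packet, or None if not applicable."""
    kv = dict(FIELD.findall(line))
    if "SRC" not in kv or not kv.get("DPT", "").isdigit():
        return None  # not a firewall line, or a protocol without ports (ICMP)
    return kv["SRC"], kv.get("PROTO", "?"), int(kv["DPT"])


def find_scanners(lines, min_ports=5):
    """Map each source that touched >= min_ports distinct (proto, port) pairs to them."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            src, proto, dport = rec
            seen[src].add((proto, dport))  # a set, so SYN retries count once
    return {src: sorted(p) for src, p in seen.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, hits in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(src, "probed", len(hits), "distinct ports:", hits)
```

The source that only retried one port is not flagged, since repeated drops to a single service usually mean a retry rather than a sweep.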