11-10-2008, 07:35 PM
Manuel Gomez

About my Firewall Settings - I would like an opinion

Sam Kuper wrote:

> 2008/11/10 Sam Kuper <sam.kuper@uclmail.net>
>
> By using REJECT instead of DROP, you have no stealth. This means
> you can be port-scanned to look for weaknesses, e.g. unpatched
> OpenSSH vulnerabilities, etc.
>
>
> That said, if SSH traffic is blocked, an OpenSSH vuln. might not be
> significant. If you're allowing any inbound traffic, though, any
> unpatched flaws in the app servicing that inbound traffic could expose
> your system to attack.
>
> Also, by REJECTing rather than DROPping, you might be more vulnerable
> to DoS attacks.
>
> Consider using a default (LOG and) DROP policy instead. Michael Rash's
> site (www.cipherdyne.org) has some good
> resources for learning about this and implementing it.

OK, I have set the default policy to DROP. What more could I do?

Thank you very much.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
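
A check for the advice quoted above (default DROP with logging, no REJECT), as an added example that is not part of the original thread: it audits the INPUT chain of an `iptables-save` dump. It assumes plain iptables output rather than a Shorewall-generated ruleset; the two sample dumps and the function name `audit_input_chain` are constructed for illustration.

```python
import shlex

# Constructed iptables-save dumps, trimmed to the INPUT chain (not from the thread).
REJECTING = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
LOG_AND_DROP = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
COMMIT
"""


def audit_input_chain(dump):
    """Return a list of findings for the filter table's INPUT chain."""
    policy, targets, table = None, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*filter", "*nat", ...
            table = line[1:]
        elif table != "filter":             # ignore other tables
            continue
        elif line.startswith(":INPUT "):    # ":INPUT <policy> [pkts:bytes]"
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            args = shlex.split(line)        # keeps quoted --log-prefix intact
            if "-j" in args:
                targets.append(args[args.index("-j") + 1])
    findings = []
    if policy != "DROP":
        findings.append(f"INPUT policy is {policy}, not DROP")
    if "REJECT" in targets:
        findings.append("REJECT rule answers probes instead of dropping silently")
    # With policy DROP, packets that fall off the end of the chain are dropped;
    # a LOG rule in last position records them first.
    if not targets or targets[-1] != "LOG":
        findings.append("no LOG rule at the end of INPUT, so policy drops are unlogged")
    return findings


if __name__ == "__main__":
    for name, dump in (("REJECTING", REJECTING), ("LOG_AND_DROP", LOG_AND_DROP)):
        print(name, audit_input_chain(dump) or "ok")
```
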
 
11-10-2008, 07:41 PM
Manuel Gomez

About my Firewall Settings - I would like an opinion

Sam Kuper wrote:

> 2008/11/10 Sam Kuper <sam.kuper@uclmail.net>
>
> By using REJECT instead of DROP, you have no stealth. This means
> you can be port-scanned to look for weaknesses, e.g. unpatched
> OpenSSH vulnerabilities, etc.
>
>
> That said, if SSH traffic is blocked, an OpenSSH vuln. might not be
> significant. If you're allowing any inbound traffic, though, any
> unpatched flaws in the app servicing that inbound traffic could expose
> your system to attack.
>
> Also, by REJECTing rather than DROPping, you might be more vulnerable
> to DoS attacks.
>
> Consider using a default (LOG and) DROP policy instead. Michael Rash's
> site (www.cipherdyne.org) has some good
> resources for learning about this and implementing it.

I have set the default policy to DROP.

What more could I do?

Thank you very much, I appreciate your help.

 
