[NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
Steve Egbert
egbert at efficient.com
Thu Jan 11 11:16:13 CST 2001
That is the best over-protective idea I've seen in a while.
It would stunt YOUR ability to access your box from anywhere (particularly
from LAX or OHA airport wireless terminal drop).
Steve
> -----Original Message-----
> From: Cameron [mailto:hrothgar at endor.hsutx.edu]
> Sent: Thursday, January 11, 2001 11:01 AM
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
>
>
> * egbert at efficient.com [2001.01.10 17:25]:
> : Actually, I think you would have a better chance of coverage if you do the
> : following:
> :
> : /etc/hosts.deny
> : ALL: tci.net, tci.com, home.net, att.net
> :
> :
> : HOME.NET is used frequently by @Home corporate and network operation center.
> :
> : But, as a warning, this hosts.deny would not stop unregistered IP address or
> : contracted security-scanner hosts.
> :
> : S
>
> Actually, the better way to cover your butt is this:
>
> /etc/hosts.deny
> ALL: ALL
>
> /etc/hosts.allow
> ALL: 127.0.0.1
> sshd: 10.10.2.
>
> Where your hosts.allow is a list of services and IPs/networks you
> "trust". And of course, use firewalling. There is a *massive*
> firewalling script on freshmeat that I usually steal ideas from. It's
> way too complicated/bloated for my general usages, but you can check it
> out here: http://freshmeat.net/projects/rc.firewall/
> --
> cameron
> [ I spilled spot remover on my dog. He's gone now. ]
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
>
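
The two policies quoted in this thread can be compared with a small evaluator. This is an added example, not code from either poster; it models only a subset of the hosts_access(5) rules (allow file consulted first, `ALL`, leading-dot hostname suffix, trailing-dot address prefix, exact match), and the client names and addresses are constructed. Under those rules a pattern such as `home.net` with no leading dot matches only a host with exactly that name.

```python
# Simplified model of TCP wrappers access control (subset of hosts_access(5)).
# Rule text mirrors the thread; client records are constructed for illustration.

def parse(text):
    """Parse 'daemons: clients' lines into (daemon_list, client_list) pairs."""
    split = lambda s: [t for t in s.replace(",", " ").split() if t]
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((split(daemons), split(clients)))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):           # hostname suffix, e.g. .home.net
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):             # address prefix, e.g. 10.10.2.
        return addr.startswith(pattern)
    # Anything else must equal the address or the full hostname.
    return pattern == addr or (host is not None and pattern.lower() == host.lower())

def rule_hit(rules, daemon, host, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, host, addr) for c in clients)
        for daemons, clients in rules)

def allowed(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse(allow_text), daemon, host, addr):
        return True
    return not rule_hit(parse(deny_text), daemon, host, addr)

# Each policy is (hosts.allow text, hosts.deny text).
DENYLIST = ("", "ALL: tci.net, tci.com, home.net, att.net")
DEFAULT_DENY = ("ALL: 127.0.0.1\nsshd: 10.10.2.", "ALL: ALL")

CLIENTS = {  # constructed: name -> (daemon, reverse-DNS name or None, address)
    "scanner_no_rdns": ("in.ftpd", None, "192.0.2.77"),
    "scanner_subdomain": ("in.ftpd", "probe.noc.home.net", "198.51.100.9"),
    "lan_ssh": ("sshd", None, "10.10.2.15"),
    "owner_at_airport": ("sshd", "kiosk.example.net", "203.0.113.40"),
}

def verdicts(policy):
    return {name: allowed(*policy, *c) for name, c in CLIENTS.items()}
```

`verdicts(DENYLIST)` admits every constructed client, including the one with no reverse DNS, while `verdicts(DEFAULT_DENY)` admits only the LAN ssh client and also locks out the owner connecting from an untrusted network.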