[NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
Cameron
hrothgar at endor.hsutx.edu
Thu Jan 11 12:50:46 CST 2001
Then use this:
/etc/hosts.allow
sshd: ALL
My point was to deny "ALL:ALL" and use hosts.allow to give access to
services, not the other way around.
--
cameron
[ How do you tell when you're out of invisible ink? ]
* egbert at efficient.com [2001.01.11 11:17]:
: That is the best over-protective idea I've seen in a while.
:
: It would stunt YOUR ability to access your box from anywhere (particularly
: from LAX or OHA airport wireless terminal drop).
:
: Steve
:
: > -----Original Message-----
: > From: Cameron [mailto:hrothgar at endor.hsutx.edu]
: > Sent: Thursday, January 11, 2001 11:01 AM
: > To: discuss at ntlug.org
: > Subject: Re: [NTLUG:Discuss] Anyone runs ftp, mail server, httpd and get catched from @home
: >
: >
: > * egbert at efficient.com [2001.01.10 17:25]:
: > : Actually, I think you would have a better chance of coverage if you do the
: > : following:
: > :
: > : /etc/hosts.deny
: > : ALL: tci.net, tci.com, home.net, att.net
: > :
: > :
: > : HOME.NET is used frequently by @Home corporate and network operation center.
: > :
: > : But, as a warning, this hosts.deny would not stop unregistered IP address or
: > : contracted security-scanner hosts.
: > :
: > : S
: >
: > Actually, the better way to cover your butt is this:
: >
: > /etc/hosts.deny
: > ALL: ALL
: >
: > /etc/hosts.allow
: > ALL: 127.0.0.1
: > sshd: 10.10.2.
: >
: > Where your hosts.allow is a list of services and IPs/networks you
: > "trust". And of course, use firewalling. There is a *massive*
: > firewalling script on freshmeat that I usually steal ideas from. It's
: > way too complicated/bloated for my general usages, but you can check it
: > out here: http://freshmeat.net/projects/rc.firewall/
: > --
: > cameron
: > [ I spilled spot remover on my dog. He's gone now. ]
: > _______________________________________________
: > http://ntlug.org/mailman/listinfo/discuss
: >
: _______________________________________________
: http://ntlug.org/mailman/listinfo/discuss
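
Added example, not part of the original thread: a simplified Python model of the TCP Wrappers lookup order (hosts.allow first, then hosts.deny, otherwise grant), run against the three policies quoted above. The daemon name in.ftpd and the client address 192.0.2.7 are constructed for illustration, and only ALL, exact names/addresses, ".domain" suffixes and "net." prefixes are modelled.

```python
# Simplified model of TCP Wrappers (hosts_access) evaluation order:
# 1) match in hosts.allow -> grant, 2) match in hosts.deny -> refuse, 3) else grant.
import re

def parse(text):
    """Turn 'daemons: clients' lines into (daemon_list, client_list) rules."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # domain suffix; needs a resolved name
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):        # address prefix, e.g. 10.10.2.
        return addr.startswith(pattern)
    return pattern in (addr, host)   # exact address or exact host name

def matches(rules, daemon, addr, host):
    return any((d == "ALL" or d == daemon) and client_matches(c, addr, host)
               for ds, cs in rules for d in ds for c in cs)

def allowed(allow, deny, daemon, addr, host=None):
    """Return True if the connection would be granted."""
    if matches(parse(allow), daemon, addr, host):
        return True
    return not matches(parse(deny), daemon, addr, host)

# (hosts.allow, hosts.deny) pairs as quoted in the thread.
DENYLIST = ("", "ALL: tci.net, tci.com, home.net, att.net")
DEFAULT_DENY = ("ALL: 127.0.0.1\nsshd: 10.10.2.", "ALL: ALL")
SSH_ANYWHERE = ("sshd: ALL", "ALL: ALL")

# Constructed client: documentation-range address with no reverse DNS name.
UNNAMED = "192.0.2.7"

if __name__ == "__main__":
    for name, policy in [("denylist", DENYLIST), ("default-deny", DEFAULT_DENY),
                         ("ssh-anywhere", SSH_ANYWHERE)]:
        for daemon in ("sshd", "in.ftpd"):
            print(name, daemon, UNNAMED, allowed(*policy, daemon, UNNAMED))
```
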