From owner-freebsd-questions Tue Sep 21 17:14:20 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from ns.clientlogic.com (ns.clientlogic.com [207.51.66.75])
	by hub.freebsd.org (Postfix) with ESMTP id 6AC4915440
	for ; Tue, 21 Sep 1999 17:14:18 -0700 (PDT)
	(envelope-from ChrisMic@clientlogic.com)
Received: by site0s1 with Internet Mail Service (5.5.2448.0)
	id ; Tue, 21 Sep 1999 20:14:34 -0400
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105C85@site2s1>
From: Christopher Michaels
To: Joe Bo
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: is this an attack?
Date: Tue, 21 Sep 1999 20:17:12 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Also, since you have tcp_wrappers installed, take a look at
'man 5 hosts_access' and 'man 5 hosts_options'. Both are well documented,
and unlike the ipfw solution (which is a good one), tcp_wrappers does log
attempted connections.

-Chris

> -----Original Message-----
> From: Eric J. Schwertfeger [SMTP:ejs@bfd.com]
> Sent: Tuesday, September 21, 1999 8:01 PM
> To: Joe Bo
> Cc: Ben Smithurst; freebsd-questions@FreeBSD.ORG
> Subject: Re: is this an attack?
>
> On Tue, 21 Sep 1999, Joe Bo wrote:
>
> > Thanks. I have those services open for use on my internal net.
> > I haven't figured out yet how to disable them on my external
> > network card and at the same time leave them enabled on my
> > internal network card. I never telnet/ftp/etc over the public
> > network to my machine, I do have and use ssh for that.
>
> The easiest way is to enable ipfw filtering on your machine. These are
> the kinds of rules I use in a similar machine....
>
> /sbin/ipfw add 100 allow tcp from any to any 25,53,79,80 recv de0
> /sbin/ipfw add 110 allow udp from any to any 53 recv de0
> /sbin/ipfw add 120 deny tcp from any to any 1-1023 recv de0
> /sbin/ipfw add 130 deny udp from any to any 1-1023 recv de0
>
> The idea is to allow incoming traffic to services available to the
> outside, then deny all other privileged ports, just in case. (My standard
> security stance is to block all but that which is permitted in the
> privileged port ranges, and allow all that isn't forbidden outside that
> range).
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
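
Added example, not part of either message: a Python model of first-match evaluation over the four quoted ipfw rules, useful for checking which destination ports they pass or block on de0 before loading them. The interface name de1 for the internal card and the sample packets are assumptions; the model covers only protocol, destination port and the recv interface.

```python
# Added illustration: first-match model of the four quoted ipfw rules.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    number: int
    action: str          # "allow" or "deny"
    proto: str           # "tcp" or "udp"
    ports: frozenset     # destination ports the rule matches
    recv_if: str         # interface named by the "recv" option

def parse_ports(spec: str) -> frozenset:
    """Expand an ipfw port list such as '25,53,79,80' or '1-1023'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(ports)

def parse_rule(line: str) -> Rule:
    """Parse only the rule shape used in the message:
    ipfw add N ACTION PROTO from any to any PORTS recv IFACE"""
    tok = line.split()
    i = tok.index("add")
    number, action, proto = int(tok[i + 1]), tok[i + 2], tok[i + 3]
    if tok[i + 4:i + 8] != ["from", "any", "to", "any"] or tok[i + 9] != "recv":
        raise ValueError(f"unsupported rule shape: {line!r}")
    return Rule(number, action, proto, parse_ports(tok[i + 8]), tok[i + 10])

RULES = sorted(parse_rule(l) for l in """
/sbin/ipfw add 100 allow tcp from any to any 25,53,79,80 recv de0
/sbin/ipfw add 110 allow udp from any to any 53 recv de0
/sbin/ipfw add 120 deny tcp from any to any 1-1023 recv de0
/sbin/ipfw add 130 deny udp from any to any 1-1023 recv de0
""".strip().splitlines())

def verdict(proto: str, dport: int, recv_if: str) -> Optional[Rule]:
    """Return the first rule (lowest number) matching the packet, or None
    when it falls through to whatever rules follow in the ruleset."""
    for r in RULES:
        if r.proto == proto and dport in r.ports and r.recv_if == recv_if:
            return r
    return None

if __name__ == "__main__":
    # Constructed packets; "de1" is an assumed name for the internal card.
    for pkt in [("tcp", 80, "de0"), ("tcp", 23, "de0"), ("tcp", 22, "de0"),
                ("tcp", 23, "de1"), ("udp", 53, "de0"), ("tcp", 8080, "de0")]:
        r = verdict(*pkt)
        print(pkt, "->", f"{r.action} (rule {r.number})" if r else "no match")
```

In this model tcp port 22 on de0 is caught by rule 120, since it is not in rule 100's list; a host that accepts ssh on the external card needs 22 added to the allow rule. Packets that match none of the four rules are decided by the rest of the ruleset, which the message does not show.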