Date: Thu, 30 Nov 2000 06:39:51 -0500 (EST)
From: Ralph Huntington <rjh@mohawk.net>
To: "Jonathan M. Slivko" <jon_slivko@simphost.com>
Cc: John Howie <JHowie@msn.com>, freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Danger Ports
Message-ID: <Pine.BSF.4.21.0011300638070.41479-100000@mohegan.mohawk.net>
In-Reply-To: <Pine.BSF.4.21.0011291907110.79751-100000@alpha.simphost.com>

Check out "fakebo" and "portsentry" in /usr/ports/security/

On Wed, 29 Nov 2000, Jonathan M. Slivko wrote:

> I am referring to the Back Orifice, Trinoo server ports, etc. Where can I
> get my hands on a list of those port #'s? or are there any utilities that
> act as those servers and log all attempts in hopes of catching those users
> who will no doubt try and take advantage of an open system?
>
> ----
> Jonathan M. Slivko <jon_slivko@simphost.com>
> Technical Support, CoreSync Corporation (http://www.coresync.net)
> Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> Pager/Voicemail: (917) 388-5304
> ----
>
> On Wed, 29 Nov 2000, John Howie wrote:
>
> > Jonathan,
> >
> > Rather than denying access to certain ports on your system, and allowing
> > access to the rest, you might find it easier to think in the reverse - What
> > ports do I need to leave open to outside (presumably Internet) users?
> >
> > The answer to that question depends on the needs of your outside users. You
> > will probably need to allow SSH access, and I would suggest that you get
> > users to use SCP instead of FTP (unless you have a public FTP site that
> > allows anonymous connections). You might also need to open up access to SMTP
> > and POP3 services for mail (while ensuring that your site can't be used as a
> > mail relay). DNS is another service that you might need to provide access
> > to.
> >
> > If users need access to so-called dangerous services such as X, printer,
> > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them
> > into your network through the firewall and allows them to access these
> > services as an internal user.
> >
> > O'Reilly does a good book on Firewall Security, I suggest that you get it
> > and have a read. CERT also has a good document on packet filtering
> > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete
> > FreeBSD for more information about setting up firewalls on FreeBSD systems.
> >
> > Hope this helps,
> >
> > john...
> >
> > ----- Original Message -----
> > From: "Jonathan M. Slivko" <jon_slivko@simphost.com>
> > To: <freebsd-security@freebsd.org>
> > Cc: <freebsd-isp@freebsd.org>
> > Sent: Wednesday, November 29, 2000 5:23 PM
> > Subject: Danger Ports
> >
> > > Can someone tell me what are the "danger" ports on FreeBSD, ports that
> > > perhaps need to be blocked because they are insecure? I would like to know
> > > so in the future, I can prevent outside attacks and concentrate more on
> > > internal attacks, or "insider jobs" as they're called.
> > >
> > > ----
> > > Jonathan M. Slivko <jon_slivko@simphost.com>
> > > Technical Support, CoreSync Corporation (http://www.coresync.net)
> > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> > > Pager/Voicemail: (917) 388-5304
> > > ----
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
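
The allowlist approach described in the quoted reply (open only SSH, SMTP, POP3 and DNS, drop the rest), written out as an ipfw rules script. This is an added example, not part of the original thread; the interface name fxp0, the rule numbers, the ICMP rule and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example: default-deny inbound policy for a FreeBSD host using ipfw.
# Dry run by default (prints the commands); set FWCMD=/sbin/ipfw to load them.
fwcmd="${FWCMD:-echo ipfw}"
oif="${OIF:-fxp0}"                            # assumed outside interface name
tcp_services="${TCP_SERVICES:-22 25 110 53}"  # SSH, SMTP, POP3, DNS over TCP
udp_services="${UDP_SERVICES:-53}"            # DNS queries

build_rules() {
    n=1000
    $fwcmd -q -f flush
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 check-state
    $fwcmd add 300 allow tcp from any to any established
    # Assumption: let unreachable / time-exceeded through so path MTU
    # discovery and traceroute replies keep working.
    $fwcmd add 400 allow icmp from any to any icmptypes 3,11

    # Inbound: only the services outside users actually need.
    for port in $tcp_services; do
        $fwcmd add $n allow tcp from any to any "$port" in via "$oif" setup
        n=$((n + 10))
    done
    for port in $udp_services; do
        $fwcmd add $n allow udp from any to any "$port" in via "$oif"
        n=$((n + 10))
    done

    # Outbound: connections this host starts, and its UDP replies.
    # Return traffic matches rule 300 (TCP) or rule 200 (UDP state).
    $fwcmd add 5000 allow tcp from any to any out via "$oif" setup
    $fwcmd add 5010 allow udp from any to any out via "$oif" keep-state

    # Everything else (X, printer, NFS, NIS, SNMP, ...) is logged and dropped,
    # so there is no list of "danger ports" to maintain.
    $fwcmd add 65000 deny log ip from any to any
}

build_rules
```

With FWCMD=/sbin/ipfw the script flushes the live ruleset before adding rules, so load it from the console or from a session that cannot be cut off midway.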