Message-ID: <001f01c0cf21$3b25fe70$0503a8c0@fdma.com>
From: "Michael Scheidell"
References: <200104260303.f3Q33CK49974@caerulus.cerintha.com>
Subject: Re: Connection attempts (& active ids)
Date: Fri, 27 Apr 2001 09:51:46 -0400
Organization: Florida Datamation, Inc.

From: "Mike Silbersack"
> Well, by listening on more ports, you're just making yourself a more
> appealing target. As such, I don't think you're really increasing your
> security. It's attacks on the services that you're running which matter.
>

who said I was listening on any ports?
icmp echo is blocked (ipfw deny)
I just parse the ipfw log for 'Reject|Deny'

Just added rules for hosts.allow also, in case you allow telnet from some hosts and not others.

easy to implement.
register at mynetwatchman.com (get a username/password)
install the tarball for freebsd (perl script, puts sh in /usr/local/etc/rc.d)
fire it up and go away.
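
An added example, not part of the original message and not the mynetwatchman agent's code: a sketch of the log-parsing approach described above, matching 'Reject|Deny' entries and grouping them by source. The log line layout, the sample lines (constructed, using documentation address ranges) and the function names are assumptions.

```python
import re
from collections import defaultdict

# Assumed layout: "<ts> <host> /kernel: ipfw: <rule> <action> <proto> <src> <dst> <dir> via <if>"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Reject|Deny) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

# Constructed sample input, not taken from a real host.
SAMPLE_LOG = """\
Apr 27 09:40:01 gw /kernel: ipfw: 600 Deny TCP 203.0.113.7:4312 192.0.2.10:23 in via fxp0
Apr 27 09:40:02 gw /kernel: ipfw: 600 Deny TCP 203.0.113.7:4313 192.0.2.10:111 in via fxp0
Apr 27 09:40:03 gw /kernel: ipfw: 600 Deny TCP 203.0.113.7:4314 192.0.2.10:515 in via fxp0
Apr 27 09:41:10 gw /kernel: ipfw: 500 Deny ICMP:8.0 198.51.100.22 192.0.2.10 in via fxp0
Apr 27 09:42:00 gw /kernel: ipfw: 700 Accept TCP 198.51.100.9:5000 192.0.2.10:25 in via fxp0
Apr 27 09:43:30 gw /kernel: ipfw: 650 Reject UDP 198.51.100.22:1030 192.0.2.10:137 in via fxp0
Apr 27 09:44:00 gw sshd[311]: Connection closed by 198.51.100.9
"""

def parse_blocked(lines):
    """Return one dict per inbound packet that ipfw logged as Reject or Deny."""
    events = []
    for line in lines:
        m = IPFW_RE.search(line)
        if m and m.group("dir") == "in":
            events.append(m.groupdict())
    return events

def summarize(events):
    """Group blocked packets by source: hit count and distinct proto/port targets."""
    by_src = defaultdict(lambda: {"hits": 0, "targets": set()})
    for e in events:
        # ICMP entries carry no port, so the protocol field alone is the target.
        target = e["proto"] if e["dport"] is None else f'{e["proto"]}/{e["dport"]}'
        by_src[e["src"]]["hits"] += 1
        by_src[e["src"]]["targets"].add(target)
    return dict(by_src)

def multi_service_sources(summary, min_targets=3):
    """Sources blocked on at least min_targets distinct services."""
    return sorted(s for s, v in summary.items() if len(v["targets"]) >= min_targets)

if __name__ == "__main__":
    summary = summarize(parse_blocked(SAMPLE_LOG.splitlines()))
    for src, info in sorted(summary.items()):
        print(src, info["hits"], sorted(info["targets"]))
    print("multi-service sources:", multi_service_sources(summary))
```

Accepted packets and non-ipfw syslog lines fall through the regex, so only the blocked traffic is counted.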