Date: Fri, 31 Jul 1998 11:29:22 +1000 (EST)
From: "Daniel O'Callaghan"
To: Wietse Venema
cc: efb@cotdazr.org, security@FreeBSD.ORG
Subject: Re: PPP.3000.exposure
In-Reply-To: <19980731000439.4580B7036A@spike.porcupine.org>

On Thu, 30 Jul 1998, Wietse Venema wrote:

> efb@cotdazr.org:
> >
> > Had a random sweep and the question came up .. what and why does my
> > port 3000 show to the world outside for .. can I block it .. should I
> > sweat it .. the F.Bsd_205 box is the router as well as main server ..
> >
> > Can I Wrap the 3000 at least so as not to kill iijppp and reduce my
> > exposure and how ???
>
> This is one feature of the ppp daemon that I didn't like at all.
> To block, you'd need a kernel-based packet filter; or hack the
> source and rip out the

Brian will correct me if I am wrong, but I believe that for quite a while now ppp has not bound to 3000 if there is no password set for the machine. Not perfect protection, of course, but something.

It is not too hard to enable ipfw, either in-kernel or as lkm. Just flick the switch in /etc/rc.conf (firewall="YES") and add the appropriate ipfw rules.

Danny