From owner-freebsd-questions Mon Dec 4 6:30:53 2000 From owner-freebsd-questions@FreeBSD.ORG Mon Dec 4 06:30:51 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from hp.ruraltel.net (unknown [24.225.0.100]) by hub.freebsd.org (Postfix) with ESMTP id 6B8FA37B400 for ; Mon, 4 Dec 2000 06:30:50 -0800 (PST) Received: from mail1.ruraltel.net ([24.225.0.33]) by hp.ruraltel.net (Post.Office MTA v3.5.3 release 223 ID# 0-68608U15000L4100S0V35) with ESMTP id net for ; Mon, 4 Dec 2000 08:30:00 -0600 Received: from darryl ([24.225.30.243]) by mail1.ruraltel.net (Post.Office MTA v3.5.3 release 223 ID# 0-68608U15000L4100S0V35) with SMTP id net for ; Mon, 4 Dec 2000 08:32:36 -0600 Reply-To: From: "Darryl Hoar" To: Subject: Double check please. Date: Mon, 4 Dec 2000 08:31:50 -0600 Message-ID: <002401c05dfe$f0ec7ac0$0701a8c0@ruraltel.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Greetings, I am running: FreeBSD proxy 4.0-RELEASE FreeBSD 4.0-RELEASE #0: Mon Mar 20 22:50:22 GMT 2000 root@monster.cdrom.com:/usr/src/sys/compile/GENERIC i386 I recently noticed 'someone' knocking on my door with anonymous ftp. Then I noticed others. A total of four attempts recorded in /var/log/messages. Since none of those services are used on this computer (at least by my users) I freaked a bit. This machine provides internet access for my network. It has a 56K dialup link and is running userland ppp with the -auto and -nat flags. TIMEOUT is 300. I thought I was pretty safe, but evidently not. here's what I have done: 1. disabled inetd from starting. 2. disabled portmapper from starting. sockstats only shows syslogd listening. is this sufficient ? Also, has anyone come up with a way to prevent Outlook from keeping the link up? The users are forever forgetting to shut it down on their machines and thus the link is kept alive even when everyone's gone home. Would it be smart to have cron shutdown/restart the ppp process so its only available during business hours ? I'm still plowing through firewall rules, so I'm not ready to implement a firewall yet. thanks, Darryl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message