From owner-freebsd-questions  Wed Feb 23  1:36:49 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from l1.ds.net (l1.ds.net [207.239.204.197])
	by hub.freebsd.org (Postfix) with ESMTP id 94FCD37B5DA
	for <freebsd-questions@FreeBSD.ORG>; Wed, 23 Feb 2000 01:36:44 -0800 (PST)
	(envelope-from jmutter@ds.net)
Received: from ds.net (i1p65.cmh-oh.ds.net [207.239.205.65])
	by l1.ds.net (8.9.3/8.9.3) with ESMTP id NAA01622;
	Tue, 22 Feb 2000 13:46:09 -0500
Message-ID: <38B2D996.30FABF39@ds.net>
Date: Tue, 22 Feb 2000 13:46:46 -0500
From: "James A. Mutter" <jmutter@ds.net>
Reply-To: jmutter@ds.net
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.0.36 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: security question (firewalls)
References: <Pine.BSF.4.21.0002221826080.12055-100000@dogma.freebsd-uk.eu.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Jonathon McKitrick wrote:
> 
> Quick question: i read that a guy with a DSL connection running Linux
> found he was an unwilling participant in some hacker attacks, or at
> least could have been.  Apparently someone hacked his box and left a
> script there.  For frequent/extended ppp connections from my laptop,
> should i consider going through the trouble of setting up a firewall?

A DSL connection, in my opinion, is more likely to be attacked because
it is a permanent connection.  It's likely in his case that he was
hosting a public W3 site, ftp site or something else that drew attention
to his box.  You on the other hand, with regular dialup PPP connections
are less conspicuous, and therefore less likely to attack.

Is it a good idea to setup a firewall?  Of course it is.  If nothing
else it's a learning experience.  

If you're using the user-land PPP client it already has
in/out/dial/keepalive filters just waiting to be configured.  If you're
using kernel-land PPP then I think you can probably use the IP Filter/IP
Nat package or Natd.  Personally I recommend IP Filter, I think it's
easier to setup, has a more 'natural' syntax,  and can do a few things
that Natd can't.

For more information try the following:
  * man ppp
  * read the ppp.conf examples located here: /usr/share/examples/ppp
  * http://www.freebsd.org/handbook/ppp-and-slip.html
  * http://www.freebsddiary.org/topics.html (All kinds of info here)
  * http://coombs.anu.edu.au/~avalon/
  * http://www.obfuscation.org/ipf/
  * man natd
 
That should certainly be enough to get you going.  :)

Good luck,
Jim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message