Date: Sat, 24 Jun 2000 15:04:57 GMT
From: Salvo Bartolotta <bartequi@inwind.it>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Confused by Loopback (& security)
Message-ID: <20000624.15045700@bartequi.ottodomain.org>
In-Reply-To: <20000624142438.A27546@hades.hell.gr>
References: <20000621205221.A43715@pool0586.cvx20-bradley.dialup.e> <20000623004145.B17268@hades.hell.gr> <20000623193527.B481@dialin-client.earthlink.net> <20000624142438.A27546@hades.hell.gr>

> It is not necessary for everyone to be paranoid.  However, after playing
> around with ipfilter and making myself a closed-type firewall (the rules
> are listed at the end of this message), I saw far too many blocked
> packets to just ignore the fact that I was being constantly port-scanned
> while I was online!

> Anyway, the rules that I now use look like:
>
> @1 pass out quick proto tcp from any to any keep state
> @1 block in log from any to any
> @2 block in proto eigrp from any to any
> @3 pass in quick on lo0 from 127.0.0.1/32 to 127.0.0.1/32
> @4 block in log quick from 127.0.0.0/8 to any
> @5 block in log quick from any to 127.0.0.0/8
> @6 pass in quick proto tcp from any port = 20 to any keep state
> @7 pass in quick proto tcp from any to any port = 22 keep state
> @8 pass in quick proto tcp from any to any port = 25 keep state
> @9 block return-rst in log quick proto tcp from any to any port = 113 flags S/SA
> @10 pass in quick proto udp from any to any port = 53
> @11 pass in quick proto udp from any port = 53 to any
> @12 pass in quick proto icmp from any to any
>
> If you care to notice rules @3-@5 in the input chain, you will see that
> I only allow packets from 127.0.0.1 on lo0, and the rest of the
> 127.0.0.0/8 subnet is filtered out on any interface.  Of course, as I
> said before, I am paranoid ;-)

Hello Giorgios,

I have been meeting (and logging) a number of analogous problems; my
ipfw (stateful) firewall is also closed.

I seem to understand there is, as it were, an Internet cosmic
radiation, caused by thousands of crackers (or would-be such)
continually scanning millions of machines in order to find out where
their Trojan horse(s) is/are operational.

Usually, those scans are not specifically aimed at you. However,
sometimes they ARE ...

Best regards,
Salvo
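
The loopback handling in quoted rules @3-@5, as an added example that is not part of the original message or of ipfilter itself: a small Python model of inbound evaluation, where the last matching rule wins unless a matching rule is marked quick. The interface name ed0, the 192.0.2.x addresses and the pass-by-default fallback are assumptions, and the protocol and port rules are left out.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    num: int
    action: str                  # "pass" or "block"
    quick: bool                  # quick = stop evaluating on match
    src: str = "any"
    dst: str = "any"
    iface: Optional[str] = None  # None = any interface


# Inbound rules @1 and @3-@5 from the quoted list.
RULES = [
    Rule(1, "block", quick=False),
    Rule(3, "pass", quick=True, src="127.0.0.1/32", dst="127.0.0.1/32", iface="lo0"),
    Rule(4, "block", quick=True, src="127.0.0.0/8"),
    Rule(5, "block", quick=True, dst="127.0.0.0/8"),
]


def _in(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(iface, src, dst, rules=RULES):
    """Return (action, rule number) for one inbound packet."""
    verdict = ("pass", None)     # assumed default when no rule matches
    for r in rules:
        if r.iface is not None and r.iface != iface:
            continue
        if not (_in(src, r.src) and _in(dst, r.dst)):
            continue
        verdict = (r.action, r.num)
        if r.quick:
            break
    return verdict


if __name__ == "__main__":
    # Constructed sample packets: (interface, source, destination).
    packets = [
        ("lo0", "127.0.0.1", "127.0.0.1"),    # genuine local traffic
        ("ed0", "127.0.0.1", "127.0.0.1"),    # loopback source on the wire
        ("lo0", "127.0.0.2", "127.0.0.1"),    # rest of 127/8, even on lo0
        ("ed0", "192.0.2.10", "127.0.0.1"),   # outside host aiming at loopback
        ("ed0", "192.0.2.10", "192.0.2.20"),  # falls through to @1
    ]
    for p in packets:
        print(p, "->", evaluate(*p))
```
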