OK.. Thank you for explaining this.  I had seen it before and could not
understand why.  Cool.....

*********** REPLY SEPARATOR  ***********

On 1/4/2001 at 14:03 Burke, Thomas G. wrote:

>The 1st one is -p tcp, and the 2nd is -p udp (one to block tcp & one to
>block udp datagrams)
>
>> -----Original Message-----
>> From:        Steven Pierce [SMTP:[EMAIL PROTECTED]]
>> Sent:        Thursday, January 04, 2001 1:54 PM
>> To:  [EMAIL PROTECTED]
>> Subject:     RE: blackhole firewall rules
>> 
>> 
>> Thomas,
>> 
>> I have been listening to this list for some time now.  I have a question..
>> Why is it that you list the IPCHAINS command twice?  I see what it is doing: you are
>> blocking the port, and then logging it.  Could you not just type it once?  Or is there
>> a specific reason for the second time??
>> 
>> Thank you for the information.
>> 
>> Steven
>> NewBee
>> 
>> *********** REPLY SEPARATOR  ***********
>> 
>> On 1/4/2001 at 13:51 Burke, Thomas G. wrote:
>> 
>> >Why not just reject packets on the port where they scan?  I imagine they
>> >usually scan the same port number.
>> >
>> >ie: 
>> ># Back Orifice
>> >$IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
>> >$IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 31337 -j DENY
>> >
>> >This blocks the entire outside world from accessing port 31337 (and logs it)
>> >
>> >I think you can use port ranges by using a hyphen, but I'm not absolutely
>> >sure 'bout that.  That'd be of the form:
>> >
>> >$IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
>> >$IPCHAINS -A input -l -p udp -s $ALLADDR -d $EXTERNAL_NET 0-500 -j DENY
>> >
>> >Although, I imagine that might break a lot of stuff...
>> >
>> >There is also a destination port argument, but I'm not sure if this'll work:
>> >$IPCHAINS -A input -l -p tcp -s $ALLADDR -d $EXTERNAL_NET -dport 0-500 -j DENY
>> >
>> >Actually, I'd imagine this one'd be closer:
>> >$IPCHAINS -A input -l -p tcp -i $EXTERNAL_IF --destination-port 0-500 -j DENY
>> >$IPCHAINS -A input -l -p udp -i $EXTERNAL_IF --destination-port 0-500 -j DENY
>> >
>> >I have no way to test this at the moment, but these are my inclinations...
>> >Anyone else have any inputs?
>> >
>> >
>> >
>> >> -----Original Message-----
>> >> From:     Halcyon [SMTP:[EMAIL PROTECTED]]
>> >> Sent:     Thursday, January 04, 2001 12:45 PM
>> >> To:       [EMAIL PROTECTED]
>> >> Subject:  blackhole firewall rules
>> >> 
>> >> Hello, I'd like to be able to create a firewall rule that would drop all
>> >> packets coming to my Linux box from the home.net network if they are trying
>> >> to open a port below say, 500.
>> >> 
>> >> My reason for this being that for the past year, I've run my own IMAP mail
>> >> server on my DSL and I've loved it.  There's nothing more beautiful than
>> >> having procmail sort all your email on the server instead of having to use a
>> >> client to sort.  Unfortunately, the DSL is insanely expensive, so I need to
>> >> move my server over to my cable modem and cancel the DSL.  I've noticed that
>> >> @home portscans pretty regularly, so I need to be discreet about my mail
>> >> server.
>> >> 
>> >> I'm pretty sure that you can create some sort of rule with ipchains to
>> >> become invisible to @home and if anyone can help me out or help me help
>> >> myself, I'd greatly appreciate it.
>> >> 
>> >> Thanks in advance,
>> >> Halcyon
>> >> 
>> >> 
>> >> 
>> >> _______________________________________________
>> >> Redhat-list mailing list
>> >> [EMAIL PROTECTED]
>> >> https://listman.redhat.com/mailman/listinfo/redhat-list
>> >
>> 
>
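The behaviour Thomas describes above (one ipchains rule per protocol, ports given as a hyphenated range, first matching rule in the chain decides), as a small added model that is not code from the thread or from ipchains itself; the interface name eth0 and the sample packets are assumptions:

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    """One ipchains input rule of the shape used in the thread."""
    proto: str        # "tcp" or "udp": ipchains matches a single protocol per rule
    iface: str        # interface the packet arrived on (-i); "eth0" is an assumed name
    port_lo: int      # --destination-port range, inclusive
    port_hi: int
    target: str = "DENY"
    log: bool = True  # -l: log the match before jumping to the target

    def matches(self, proto: str, iface: str, dport: int) -> bool:
        return (proto == self.proto and iface == self.iface
                and self.port_lo <= dport <= self.port_hi)

    def as_ipchains(self) -> str:
        """Render the rule as the command line form shown in the thread."""
        log = " -l" if self.log else ""
        ports = (str(self.port_lo) if self.port_lo == self.port_hi
                 else f"{self.port_lo}-{self.port_hi}")
        return (f"ipchains -A input{log} -p {self.proto} -i {self.iface} "
                f"--destination-port {ports} -j {self.target}")


def blackhole_rules(iface: str, lo: int, hi: int) -> List[Rule]:
    """The pair from the thread: one rule for TCP and one for UDP."""
    return [Rule("tcp", iface, lo, hi), Rule("udp", iface, lo, hi)]


def evaluate(rules: List[Rule], proto: str, iface: str, dport: int,
             policy: str = "ACCEPT") -> str:
    """ipchains walks the chain in order: the first matching rule decides,
    otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(proto, iface, dport):
            return rule.target
    return policy


if __name__ == "__main__":
    chain = blackhole_rules("eth0", 0, 500)
    for rule in chain:
        print(rule.as_ipchains())
    # Constructed sample packets: (proto, iface, dport)
    for pkt in [("tcp", "eth0", 143), ("udp", "eth0", 137), ("tcp", "eth0", 8080)]:
        print(pkt, "->", evaluate(chain, *pkt))
```

Port 143 falls inside 0-500, so an IMAP server that is meant to stay reachable from outside needs an explicit ACCEPT rule placed ahead of the DENY pair, since the first match decides. Dropping the udp rule leaves every UDP datagram in that range unmatched, which is why the command appears twice.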
