At 6:45 PM -0400 5/6/02, Gerry Doris wrote:
>On Mon, 6 May 2002, Glen Lee Edwards wrote:
>
>> Pieter De Wit writes:
>> >Hello Original Poster,
>> >
>> >Sorry I joined the thread late, but why don't you firewall the box(es) using
>> >ipchains or iptables ?
>>
>> I haven't done that for several reasons:
>>
>> 1) If the firewall box goes down, the entire system goes down.
>>
>> 2) I had a leased server that was behind a firewall.  It frequently was a pain
>> to deal with.
>>
>> ...snip...
>>
>> Glen
>
>With all due respect you sir are an idiot and a hazard to the rest of the
>community.  After being hacked three separate times I would've thought
>that you would agree that you need more security.  However, you continue
>to spout the above dribble to those trying to help you.

OUCH! :-(

Sometimes it's hard for each of us to remember when we were novices. I still am, and I take both inspiration and counsel from those that have come before me. You know who you are, and I thank you!

The point has been made that a properly constructed and maintained firewall would likely have prevented most, if not all, of Glen's problems. Gerry makes a good point (however painfully and candidly applied) that Glen's lack of attention to this critical component was ignorantly overlooked. However, it's a dramatic and extreme statement, IMO, to suggest that he's such a hazard that he should sell his equipment and give up. If each of us were to apply this extreme position to ourselves, there would be no one left to run servers.

My advice is to set up the firewall with all ports closed except those that are absolutely required for the server to function. My own servers have only about 6 open ports (http, POP, SMTP, etc.).

Just last week, some keyboard jockey tried some 443 port scanning on my servers. My firewall smacked it down, sent me a quick E-mail, and let me follow up on the attack. Trouble was that the originating IP address was "netsol.com" (obviously spoofed), so I couldn't set up a new rule to block traffic from this IP.

Patrick Beart
-- 
------------------------------------------------
Web Architecture & "iWeb4Biz"
503-774-8280 Portland, OR
Internet Consulting, Intelligent Web site Development & Secure site Hosting.
http://www.WebArchitecture.com/

"This is an era when nonsense has become acceptable and sanity is controversial."
- Thomas Sowell
------------------------------------------------
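
Added example, not part of the message above or of the original thread: one way to check a host against the "all ports closed except those that are absolutely required" advice is to audit the INPUT chain of an iptables-save dump. The sample ruleset, the allowlist of required ports and the function names are constructed for illustration.

```python
import re

# Constructed sample: iptables-save style dump for a small web/mail server.
SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6000:6010 -j ACCEPT
-A INPUT -p udp -j ACCEPT
COMMIT
"""

REQUIRED_TCP = {25, 80, 110, 443}  # assumed allowlist: SMTP, HTTP, POP3, HTTPS


def expand_ports(spec):
    """Expand '443,3306' or '6000:6010' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit_input_chain(ruleset, allowed=REQUIRED_TCP):
    """Report default policy, TCP ports open beyond the allowlist, and
    ACCEPT rules with no port restriction (loopback/stateful rules excluded)."""
    policy = re.search(r"^:INPUT (\S+)", ruleset, re.M)
    report = {"default_drop": bool(policy) and policy.group(1) == "DROP",
              "unexpected_tcp": set(), "broad_accepts": []}
    for rule in re.findall(r"^-A INPUT .*-j ACCEPT$", ruleset, re.M):
        port = re.search(r"--dports? (\S+)", rule)
        if port and "-p tcp" in rule:
            report["unexpected_tcp"] |= expand_ports(port.group(1)) - allowed
        elif not port and not re.search(r"-i lo\b|--(ct)?state ", rule):
            report["broad_accepts"].append(rule)  # accepts traffic on every port
    report["unexpected_tcp"] = sorted(report["unexpected_tcp"])
    return report


if __name__ == "__main__":
    print(audit_input_chain(SAMPLE_RULESET))
```

On a real host the input would be the saved output of iptables-save; UDP rules that name a port are not checked by this sketch.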