Not much; just bluescreen crash or reboot an unpatched win95 or win98 box

On Sat, Oct 28, 2000 at 02:21:35PM -0500, Brent Harding wrote:
> Regarding security on cable, is it really an issue that if things aren't
> set up right that people down the street from you have easier access to
> your machine because all those machines down the street are one big
> network? I'm not sure if roadrunner works the same as athome, but I've
> heard of this online. My friend who uses roadrunner claims to have had his
> clock fiddled around with in windows, discovering the error when he tried
> to reboot and it gave the message of other users connected on the system,
> and network neighborhood brought him to a dos box.
> In windows, ports 135, 138, and 139 are probably always open, but you can't
> do much too useful with them.
> At 05:43 PM 10/28/00 +1100, you wrote:
> >Be aware that when a port is open it has to respond correctly in the
> >3-way handshake so that machines can connect to it. Regarding pop if you must
> >have pop3 service; use apop or md5 style authentication.
> >I'd think it better to block incoming pop on the cable interface
> >and use imap with cram-md5 authentication but that isn't trivial to configure.
> >
> >Regards, Kerry.
> >On Sat, Oct 28, 2000 at 02:23:35AM -0400, Frank J. Carmickle wrote:
> >> Ok Brian.
> >> How secure do you want this machine that lives on the wonderfully unsecure
> >> network of athome? I would imagine that you want something that's a
> >> little tighter than what you have right now. When I portscan you I see 21
> >> 23 24 80 110 and 113. Looks everything else is closed up. My
> >> recommendation to you is to get ssh on your box and forget about telnet
> >> and ftp for starters. Why you have pop3 waiting for connections is
> >> something else I would think you would want shut down. If you really need
> >> http keep it. However if you have another machine that you can
> >> specifically set up as a firewall you will be a lot happier to know that
> >> all of the traffic to your http server can be logged. Same goes for
> >> everything else.
> >>
> >> One thing that you really also want to have happening is some ipchains
> >> rules setup so that your machine doesn't respond to portscans or ping
> >> requests. This should fool most people looking around to find someone
> >> vulnerable. I'll post a ipchain rule set that has a lot of this done for
> >> you already. Then Kerry can go over it with a fine tooth comb and tell me
> >> what's wrong with it.
> >>
> >> HTH
> >> FC
> >>
> >>
> >> On Fri, 27 Oct 2000, brian Moore wrote:
> >>
> >> > Greetings all. okay finally got my linux box up and all my services
> >> > running the way I want. my mail server is finally doing what I want. I
> >> > think i have all my ipchains rules setup right and plugged all the security
> >> > holes I know of. the one I'm not clear on is my port 25 security. if this
> >> > machine ever becomes a spam host, I will have to shoot myself so I want to
> >> > make real sure that no one except those in my local network can use it.
> >> > probably asking for trouble but got all my logging on verbose to see what
> >> > happens. can someone try and use my smtp server and see if you can. if
> >> > you notice anything else, let me know as well.
> >> >
> >> > would really appreciate it.
> >> >
> >> > host is bmoore.yi.org
> >> > thanks. brian.
> >> >
> >> > _______________________________________________
> >> > Speakup mailing list
> >> > Speakup at braille.uwo.ca
> >> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
> >--
> >--
> >Kerry Hoath: kerry at gotss.eu.org
> >Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
> >ICQ UIN: 62823451

--
--
Kerry Hoath: kerry at gotss.eu.org
Alternates: kerry at emusys.com.au kerry at gotss.spice.net.au or khoath at lis.net.au
ICQ UIN: 62823451