
Re: Hacker Script Attempt



What is the best way to protect specific daemons (inet and standalone like proftpd
and apache) from intrusion attempts? I am not that familiar with Linux firewalling
rules yet and am in the process of obtaining a comprehensive administrator's study
guide. I presently have hosts.deny with lines to block outside attacks to telnet,
etc. but they don't seem to work. The lines read:

ALL: PARANOID
ALL: .dial.domain1.com
ALL: .dialup.domain2.net
sshd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3.
in.fingerd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3.
in.telnetd: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3.
portmap: ALL EXCEPT 127. ip.block.1. ip.block.2. ip.block.3.

Two of the hosts omitted ip.block.2. and ip.block.3. in the hosts.deny file. This
configuration successfully repels attempts from the specified domains, but it
doesn't seem to work for the specific daemons like telnet. My tests were using our
own servers from one in ip.block.2. to one that does not have the last two blocks
included in the telnet line.
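
An added example, not part of the original post: a simplified model of hosts_access(5) pattern matching that evaluates the telnet line for the test described above. The three documentation prefixes are constructed stand-ins for the post's ip.block.N. placeholders, and the model covers a single access file only (no hosts.allow, no rule options).

```python
# Added example: simplified hosts_access(5) matching for one access file.
# 192.0.2. / 198.51.100. / 203.0.113. are constructed stand-ins for the
# post's ip.block.1. / ip.block.2. / ip.block.3. placeholders.
DENY_FULL = """\
ALL: PARANOID
ALL: .dial.domain1.com
in.telnetd: ALL EXCEPT 127. 192.0.2. 198.51.100. 203.0.113.
"""
# The variant on the two hosts that omit the last two blocks.
DENY_SHORT = DENY_FULL.replace(" 198.51.100. 203.0.113.", "")


def client_matches(pat, addr, name, paranoid):
    if pat == "ALL":
        return True
    if pat == "PARANOID":            # name/address mismatch, decided by the caller
        return paranoid
    if pat.startswith("."):          # host name suffix
        return name is not None and name.lower().endswith(pat.lower())
    if pat.endswith("."):            # address prefix
        return addr.startswith(pat)
    return pat in (addr, name)


def list_matches(tokens, test):
    # "a EXCEPT b EXCEPT c" parses as a EXCEPT (b EXCEPT c)
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], test) and not list_matches(tokens[i + 1:], test)
    return any(test(t) for t in tokens)


def first_match(rules, daemon, addr, name=None, paranoid=False):
    """Return the first line whose daemon and client lists both match, else None."""
    for line in rules.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (list_matches(daemons, lambda d: d in ("ALL", daemon)) and
                list_matches(clients, lambda p: client_matches(p, addr, name, paranoid))):
            return line
    return None
```

If this model reports a matching deny line for a connection that still succeeds, the cause lies outside the file's patterns: hosts.allow is consulted before hosts.deny, the daemon name in the rule must equal the running process name, and a daemon only honours these files when it is started through tcpd or built with libwrap.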


