[ LUGOS ] Potencialen vdor?

[Jernej Horvat]

> 18:07:37 MAJA portsentry[8366]: attackalert: Host 195.199.18.65 has
> been +blocked via dropped route using command: "/sbin/route add -host
> 195.199.18.65 +reject"

Jaz ne uporabljam dodajanje v /etc/hosts.deny (ALL:ALL :->), 
ampak ipchains -A input -i moj_inet_device -s $TARGET -j DENY
Lahko dodas se "-l" in si bo dostope zapisoval v syslog.

> Emm port 109 je pop2 port - wtf ??

Upam da si ga komentiral v /etc/inetd.conf. ;-)

> Spet enako vpra=B9anje: kaj naj storim?

Blokiraj ICMP promet, komentiraj servise v /etc/inetd.conf, ki jih ne 
rabis, firewall nastavi tako da ne bo dovolil dostopa RAZEN do 
(smtp, ftp, www....), beri LASG <http://www.seifried.org/lasg/>....
- - -
Intuition : an uncanny sixth sense which tells people 
that they are right, whether they are or not.

> all the standard disclaimers apply <