[plug] Lock the box

[Sean Macleod]

Brad Campbell wrote:
> 
> G'day all,
> I'm after some advice regarding locking my box down pretty tight.
> I have a debian slink box, running 2.2.11 with ppp and diald masq'ing
> for my network.
> It's IP is 192.168.1.100 and the rest of the network is 192.168.1.*
> I pretty much want to deny all incomming connections to the box.
> I have commented out all the unused items in inetd.conf and
> done a killall -HUP inetd.
> netstat -na tells me that there are a lot less ports listening.
> Is there an easy way, using ipchains maybe, to deny all incomming
> connections,
> probably the easy way to do it, is block incomming from ppp0 ?
> 
> I'm in the process of reading all the man pages and howto's I can
> get my hands on, but I don't really want to experiment too much
> as I'm using this as a samba server for some windows boxes and they
> tend to get upset when thier feed is cut off all of a sudden.
> 
> Cheers all..
> 
> --
> Brad.    /"\
>          \ /     ASCII RIBBON CAMPAIGN
>           X      AGAINST HTML MAIL
>          / \

have a look at this guy's site (esp armouring linux)


http://www.enteract.com/~lspitz/papers.html

I think he is fairly extreme but you can work back from there

Sean

_______________________________________________________________________________
Unencrypted electronic mail is not secure and may not be authentic.
If you have any doubts as to the contents please telephone to confirm.

This electronic transmission is intended only for those to whom it is
addressed. It may contain information that is confidential, privileged
or exempt from disclosure by law.  Any claim to privilege is not waived
or lost by reason of mistaken transmission of this information.
If you are not the intended recipient you must not distribute or copy this
transmission and should please notify the sender.  Your costs for doing
this will be reimbursed by the sender.
_______________________________________________________________________________