[plug] Monday meeting summary, Channel 7 tour offer
Earnshaw, Mike
earnshawm at wa.switch.aust.com
Tue May 23 13:05:02 WST 2000
For newbies where does one start with implementing these features. I was
quiet shocked with the number of probes/reports from last nights SAGE
seminar and since I am still learning Linux also concerned. My skills are no
where near good enough to detect and block anyone other than script kiddies.
I have started reading the LASG, we use Linux Router Project as a firewall
and have firewall in the Kernel (most set-up before I joined the company)
which appears to be doing the job according to the logs.
Any pointers would be appreciated.
Thanks
> -----Original Message-----
> From: Leon Brooks [mailto:leon at brooks.smileys.net]
> Sent: Tuesday, May 23, 2000 12:06 PM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] Monday meeting summary, Channel 7 tour offer
>
>
> Christian wrote:
> > scripts
> > which "intelligently" react to block probes etc. are generally a bad
> > idea and typically open a bigger vulnerability than they close.
>
> A lot depends on how they react. Temporarily adding an IPChains entry,
> and extending that to cover a subnet if necessary, limit of 20 per
> customer, hardly seems like a "vulnerability". I already
> block martians,
> unused/potentially-insecure services and do egress filtering,
> so I can't
> see how more blocking could increase my risk.
>
> --
> Dogs have masters. Cats have staff.
>
More information about the plug
mailing list