[plug] security related articles

Craig Foster fostware at iinet.net.au
Thu Jan 3 19:12:51 WST 2002


Wanna NEWBIE Toolkit?

For lots of modem users, I have portsentry running... You simply set
it to DENY using ipchains or DROP using iptables the IP that scans
your ports. Block all but your web and mail, and let portsentry grab
anyone who scans for other stuff (like port 111 (sunrpc), 1080 (socks
should be internal only), and 53 (unless you run a live DNS server, in
which case you don't set this kinda thing up)).

It's small and the main downside is nasty people who use nmap to spoof
your router or upstream DNS server (i.e. portsentry will block all
traffic to your ISP's router, killing your connection). To guard
against this, I config the ppp-up script to reset the blocked IPs.

Be aware that any moderate server would not take kindly to this type
of program.

Regards,

Craig Foster

> -----Original Message-----
> From: Michael Hunt [mailto:michael.j.hunt at usa.net]
> Sent: Thursday, 3 January 2002 7:03 PM
> To: plug at plug.linux.org.au
> Subject: RE: [plug] security related articles
>
>
> Jason,
>
> Thanks for the links but the toolkits are only as useful as the data that
> they turn out. Not saying here that they don't turn out good quality data,
> it's just that it is not 'user-friendly' (or newbie friendly).
>
> Anyone have any links on how to interpret snort data ???
>
> Maybe a Linux security guru could give a PLUG talk ??? Maybe a Linux
> security guru will give a talk at LCA 2002 ??? Or maybe even at 2003 ???
> (Can I wait that long ????)
>
> Maybe I should become a Linux security guru !!!
>
> Michael Hunt
>
> > -----Original Message-----
> > From: Jason Nicholls [mailto:jason at mindsocket.com.au]
> > Sent: Thursday, 3 January 2002 10:08 AM
> > To: Perth Linux Users Group
> > Subject: [plug] security related articles
> >
> >
> >
> > OnLamp (http://www.onlamp.com/) has a link to a couple security related
> > articles that PLUGers may find interesting:
> >
> > 	Snort 'n' Dragon
> >
> > 	 Snort and Dragon are two intrusion-detection programs that allow you
> > 	 to detect hackers trying to break into your system
> >
> > 	Understanding Rootkits
> >
> > 	 Hackers have many tools that allow them to remain undetected during
> > 	 an attack. Understanding these tools is key to recognizing and
> > 	 cleaning up after an attack.
> >
> > 	Tripwire
> >
> > 	 When a hacker gets through your primary defences, it's hard to tell
> > 	 what they may have done to your system. Tripwire can reliably detect
> > 	 changes to your system, including rootkits.
> >
> >
> > Later,
> >
> > Jason Nicholls
> >
> > --------------------------------------------------------------------
> > Jason Nicholls    icq: 11745841    email: <jason at mindsocket.com.au>
> > Proprietor                        mobile: 0417 410 811
> > Mind Socket [web services]          http://www.mindsocket.com.au/
> > --------------------------------------------------------------------
> >
> >
>
>
>
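
The failure mode described in the message above (a spoofed scan that gets the ISP router or upstream DNS server blocked) and the ppp-up reset used against it, as an added example that is not part of the original post. It is a narrower variant: rather than resetting every block, it prints the iptables commands that lift DROP rules only for the PPP peer and the configured resolvers. The function names, the one-IP-per-line blocked list, the rule shape and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): dry-run logic for a pppd
# ip-up hook. It prints, but does not run, the iptables commands that would
# lift DROP rules for the addresses the link itself depends on.
# Assumed rule shape: iptables -I INPUT -s <ip> -j DROP.

# Print the nameserver addresses found in resolv.conf-style text on stdin.
resolvers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# protected_addrs PEER_IP RESOLV_FILE -> one address per line, deduplicated.
# In a real /etc/ppp/ip-up, pppd passes the peer address as the fifth argument.
protected_addrs() {
    {
        printf '%s\n' "$1"
        [ -r "$2" ] && resolvers < "$2"
    } | sort -u
}

# unblock_cmds BLOCKED_FILE PROTECTED_FILE
# BLOCKED_FILE holds one blocked source IP per line (assumed format).
# grep -Fx matches whole lines only, so 192.0.2.1 never matches 192.0.2.10;
# the second grep drops anything that is not a dotted quad, so file contents
# are never echoed into a command line unchecked.
unblock_cmds() {
    grep -Fx -f "$2" "$1" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u |
    while read -r ip; do
        printf 'iptables -D INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample data: 192.0.2.1 is the PPP peer, 192.0.2.53 the ISP
# resolver, 198.51.100.7 an unrelated scanner that should stay blocked.
demo() {
    d=$(mktemp -d) || return 1
    printf 'nameserver 192.0.2.53\n' > "$d/resolv.conf"
    printf '198.51.100.7\n192.0.2.1\n192.0.2.53\n' > "$d/blocked"
    protected_addrs 192.0.2.1 "$d/resolv.conf" > "$d/protected"
    unblock_cmds "$d/blocked" "$d/protected"
    rm -rf "$d"
}

demo
```

The scanner's rule is left in place; only the peer and resolver entries are selected for removal.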


