Re: Question about blocking IP's
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Sat, 31 Dec 2005 11:34:11 -0600
On 31 Dec 2005, in the Usenet newsgroup comp.os.linux.networking,
yas_chan wrote:
Composite reply:
In <1136021177.605623.129670@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, yas_chan"
<nestor_kun@xxxxxxxxxxx> wrote:
>Hmm I'm confused.
>
>What should I do? I don't want to disable portsentry because it stops
>the portscanners even though there is possibility that it could be used
>against me.
Why? In your mind, look at a wall that is 65 kilometers long. Every meter
along the wall, there is a number, starting at 1, and going up to 65535.
Looking at another reply (below), beneath three numbers (21, 80, and 900)
there is a door. Now, here comes the entire population of the cities of
New York, London, Moscow and Beijing, and each one goes up to the numbers
on the wall and knocks. Meanwhile, you are sitting on the other side of
the wall, drinking a cup of $BEVERAGE. Question for you; are any of the
people on the other side of the wall going to get in? How? There are only
three doors, and they are the ONLY way in. When people come through those
doors, do you allow them to do anything? So, quit worrying about people
knocking on the wall.
>I understand I had better close the 143 port. I have no use for
>IMAP. How can I close this port?
It's not open. PortSentry is like a windoze personal firewall. Their main
use is telling the ones who use it that some host in Korea or Kenya
attempted to connect to a trojan that they don't have installed.
>Okay, I know - since we are talking about newsgroups - next reply to my
>post is going to be a slap on my face.
Well, it would be nice if you quoted some of what you are replying to,
so people can understand what you are talking about.
In article <1136021286.027899.160440@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, you
replied:
>Thanks for Security-Quickstart-HOWTO! I'm now learning it :) It's
>a wonderful article!! COOOOL! ^^
There are 470+ HOWTOs, totalling nearly four million words, on the
equivalent of about twelve thousand pages of text. The documents are
there to provide information, but they can't help you unless you
actually look to see what is there.
At http://tldp.org/guides.html, there are over twenty-five books you can
download. Some of these may already be on your system, or distribution CD.
The information _is_ available.
In article <1136021803.777139.199160@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, you
replied:
>Now I understand! But let's say I want to run a WWW service, and people
>from different addresses would be using my system. If hosts.deny blocks
>ALL those addresses which I didn't write to hosts.allow - how can
>someone I don't know use my system?
They can't. That's why tcp_wrappers/libwrap/hosts_access(5) isn't
always the best tool to use. For example, I used to use this to
control access to my mail server. I most certainly did NOT want just
anyone being able to connect to it. On the other hand, I use the
firewall to limit access to a few specific network blocks for another
(intentionally unnamed) service.
Who do you think is going to want access to your web server? Why? What
will you allow them to do? That is generally best controlled by setting
up the web server correctly, not depending on the firewall (other than
to block major areas, like most of Central/South America, or Asia, or
whatever).
In article <1136024169.312068.298720@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, you
replied:
>About my ports:
>"nmap localhost" says following:
OK
>900 port is what I use for SSH connections (I wanted to change the
>default to this to block most of the attempts flowing to the default
>SSH port)
That's fine. I would have chosen a higher number - if you read the man
page for nmap (one example), or any other scanner, the better ones will
default to scanning ports 1 to 1024. Your port 900 would show up, but as
long as the server isn't showing too much of a banner, this is not a major
problem.
>I wonder what that IMAP port stuff is all about.
Their main use is telling the ones who use it that some host in Korea or
Kenya attempted to connect to a trojan that they don't have installed.
>Happy New Year!
Happy New Year to you too!
Old guy
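
The hosts.allow/hosts.deny behaviour discussed in the reply above, as an added example that is not part of the original post: a small Python model of the hosts_access(5) decision order (allow file first, then deny file, otherwise grant). The file contents, the addresses and the wrapped daemon name `httpd` are constructed assumptions, and only IPv4 address patterns are handled (no hostnames, `EXCEPT` or options).

```python
import ipaddress

# Constructed sample files: only one network may reach sshd, everything else is denied.
HOSTS_ALLOW = "sshd: 192.0.2.0/255.255.255.0\n"
HOSTS_DENY = "ALL: ALL\n"


def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad address (IPv4 only)."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # "192.0.2." matches every address with that prefix
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask pair such as 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return ip == pattern


def first_match(rules, daemon, ip):
    """True if any 'daemon_list : client_list' line covers this daemon and client."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
            client_matches(p, ip) for p in clients
        ):
            return True
    return False


def access_granted(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access(5) order: allow file first, then deny file, else grant."""
    if first_match(allow, daemon, ip):
        return True
    if first_match(deny, daemon, ip):
        return False
    return True


if __name__ == "__main__":
    # The unknown web visitor is denied by "ALL: ALL", which is the problem raised above.
    for daemon, ip in [("sshd", "192.0.2.10"), ("sshd", "203.0.113.5"),
                       ("httpd", "203.0.113.5")]:
        print(daemon, ip, "granted" if access_granted(daemon, ip) else "denied")
```

Narrowing the deny file to `sshd: ALL` leaves the hypothetical wrapped `httpd` open to unknown clients while the SSH restriction stays in place.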