Re: Limit telnet to eth1?

From: Armin F. Gnosa (palm-archive_at_gnosa.com)
Date: 12/28/03


Date: Sun, 28 Dec 2003 18:24:57 +0100

In article <4elsuvcoctnoa8k5u97vei65oph84su0cv@4ax.com>, chris@nospam.com wrote:
>
>
> It would be best to do both. For a 'router/server/bottle washer...'
> that has internet exposure, I strongly recommend learning how to set up
> iptables, either manually, which really isn't too hard with a good
> template, or using a utility like Guarddog.

Although you might not even need iptables provided you 'hardened' the
machine, i.e. there are no services visible to the outside.

OTOH, it might be desirable to have a packet filter for malformed packets
or ICMP flooding attempts, BEFORE the actual TCP/IP stack has to deal with
them.

>>I would highly suggest that you do not use telnet, use ssh instead.
>>PuTTY is a decent ssh implementation for the wintel platform. I do not
>>even have telnet installed on my Linux and Solaris boxes at home. My
>>home computers are behind a SonicWall firewall appliance but I still
>>treat them as if they are in an insecure environment. I am a firm
>>believer that every extra security measure you take makes it that much
>>harder for someone to hack you.
>
> I highly agree with the SSH recommendation.

Here as well. How often have I seen script kiddies breaking in through
the telnet service only to find that they're too dumb to execute the
install script of their r00tkit...

Regards
Armin

--