On Wed, 27 Jun 2001, Drage, Nicholas wrote:
> > > We also get heavily probed by Wanadoo is there nothing we
> > > can do about it?
> >
> > block their networks... either at the router, ipchains or hosts.deny
> > (although the last one won't protect against dns, ssh, http
> > and everything outside inetd.conf...)
>
> Not quite true IIRC, OpenSSH as built by Cobalt does support use of
> tcp-wrappers, which is very useful and so worth noting.
>
> ( can't speak for RaQ4's, users are urged to test limiting SSH access by
> using tcpdcheck or a very open ruleset before they lock themselves out of
> their RaQs, I am not speaking on behalf of my employer, accept no liability,
> and so on )
>
> --
> Nick Drage - Security Architecture - Demon Internet - Thus PLC
> "A chieftain who asks the wrong questions always
> hears the wrong answers"
> Leadership Secrets of Attila the Hun
I meant the defaults... the general idea was that it doesn't entirely
block everything (and from all the list, ssh has the least chance to be a
problem, i think)
- shimi.
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
