On 2001-05-14 07:28:20 +0000, Juergen Helbing wrote:
> On Mon, 14 May 2001 10:06:42 +1200, you wrote:
> 
> >>     Your unauthorized port probing has been detected.
> >>     Your ISP will be notified within the next 12 hours.
> >>
> >>Even if I never get around to checking the logs (very unlikely), I can
> >>just imagine the sweating they'd do for the next couple of days!  ;)
> >
> >Set in dnews.conf
> >         nntp_logoff Your unauthorized port probing will be reported to 
> >your ISP...
> 
> May I suggest a better method against port-probing ?
> 
> If Dnews would get an option to reject all connections outside the
> allowed IP-address range(s), then the user cannot even connect to port
> 119. Then all port-sniffers give up.

DNews cannot do this, because it has to accept() the connection before
it can determine the peer address. However, you can set up a packet
filter to catch any packets from unauthorized hosts before they even get
to dnews. How to do this depends on your OS. Linux and BSD have packet
filtering capabilities in the kernel, which only have to be activated.
Windows NT/2000 can also do some limited filtering, and there are several
freeware firewall packages available. Don't know about commercial
unixes, but if you are running your News server on one you probably
already have some kind of firewall.

 hp

-- 
   _  | Peter J. Holzer      | It's nice to fix problems by accident.
|_|_) | Sysadmin WSR / LUGA  |    -- Theo de Raadt
| |   | [EMAIL PROTECTED]        |       <[EMAIL PROTECTED]> 
__/   | http://www.hjp.at/   |       on bugtraq 2001-03-19
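The packet-filter approach described above, as an added example that is not from the original thread and not part of DNews: a small POSIX shell script that emits an iptables ruleset allowing TCP port 119 only from a list of networks and dropping everything else. It assumes a Linux host with the iptables command; the networks (192.0.2.0/24 and 203.0.113.5) are documentation ranges chosen for illustration. The default action is DROP rather than REJECT on purpose: a dropped SYN gets no SYN/ACK and no RST, so a scanner sees the port as filtered instead of open-then-closed, which is the effect the poster wanted.

```shell
#!/bin/sh
# Added example (not DNews code): generate iptables rules that admit NNTP
# (TCP/119) only from allowed networks and silently DROP the rest.
# Assumes Linux + iptables. Rules are printed, not applied; pipe to
# "sh" as root (or set IPTABLES to a wrapper) once you have reviewed them.

NNTP_PORT=119
IPTABLES="${IPTABLES:-iptables}"

# Accept "a.b.c.d" or "a.b.c.d/prefix" with sane octets and prefix.
# Returns 0 if valid, 1 otherwise.
valid_cidr() {
    addr="${1%/*}"
    prefix="${1#*/}"
    [ "$addr" = "$1" ] && prefix=32       # no "/": treat as a single host
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;          # prefix must be all digits
    esac
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.
    set -- $addr                          # split into octets
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the given allowed networks, in the order they must
# be appended: specific ACCEPTs first, the catch-all DROP last. A rule
# order that puts DROP first would lock out the allowed clients too.
nntp_rules() {
    [ $# -gt 0 ] || { echo "usage: nntp_rules NET [NET...]" >&2; return 1; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    done
    # Local readers (e.g. a web front-end on the same box) stay allowed.
    echo "$IPTABLES -A INPUT -i lo -p tcp --dport $NNTP_PORT -j ACCEPT"
    for net in "$@"; do
        echo "$IPTABLES -A INPUT -p tcp -s $net --dport $NNTP_PORT -j ACCEPT"
    done
    # DROP, not REJECT: no RST or ICMP goes back, so the scanner learns
    # nothing and the connection never reaches dnews' accept().
    echo "$IPTABLES -A INPUT -p tcp --dport $NNTP_PORT -j DROP"
}

# Example invocation with constructed documentation ranges:
#   nntp_rules 192.0.2.0/24 203.0.113.5
```

To apply, run `nntp_rules 192.0.2.0/24 203.0.113.5 | sh` as root, with the rules appended before any blanket ACCEPT on INPUT; if the chain already ends in an ACCEPT, insert with `-I` instead of `-A` or the DROP never matches. The same shape applies to ipchains or the BSD filters of the time, only the syntax differs.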
