David L. Roberts wrote:
> They took a look at me too:
> Jul 3 19:43:32 ria in.ftpd[2785]: connect from 24.112.52.123
>
> But this is the ftp daemon right...? I guess I could shut ftp
> off as well - I just find it useful to transfer "homework"
> between my employer and home. I thought I had things set fairly
> tight, but maybe I should set 'em tighter. Also, this is the
> first real test of the system as it's usually running
> Winblows95, but the wife-N-kids are off on vacation (and I'm
> recovering from a little minor surgery) so I currently have no
> need for any M$ products.
Yes, it is the ftp daemon. I would recommend shutting it down and
using SCP instead. Despite the claims that ftp and telnet are
only dangerous because of the clear-text passing of usernames and
passwords, there are other dangers. Some telnet and ftp daemons
have remote exploits, root-shell buffer overflows, etc. The
commercial versions of SSH may or may not have security problems,
but since 2.0 and up are closed source, it's harder to tell.
Personally, I suggest OpenSSH (preferably downloaded from a
NON-US site).
> And yes, I know I should have a dedicated firewall, yada yada
> yada, but I don't have the $$$ for the rest of the hardware to
> build the system so I'm sitting here playing a little Russian
> Roulette - hoping my Bastille installation will hold up until
> I'm able to finish building my firewall before... =:|
>
Actually, since it's just a single machine and there is no
network behind it, there really isn't a reason for a dedicated
machine. Just use ipchains to set up a firewall on that machine.
Bastille is definitely a great first step, and during the
installation, it will download and install SSH for you, as well
as set up basic firewalling.
Kenny