OK, I opened port 80. Now I get the following log action: May 5 06:12:49 firewall sh-httpd[2284]: refused connect from dsl092-171-025.wdc1.dsl.speakeasy.net May 5 06:12:54 firewall sh-httpd[2285]: refused connect from dsl092-171-025.wdc1.dsl.speakeasy.net May 5 06:13:03 firewall sh-httpd[2286]: refused connect from dsl092-171-025.wdc1.dsl.speakeasy.net
I think I understand now, and I believe I'm trying to do something dumb. I am just a lowly home DSL customer with a single external IP. Now I'm thinking that LaBrea needs spare EXTERNAL IP addresses to do anything. That is, it needs to see incoming traffic on an external (real world) IP that is assigned to me, but I'm not using. I think the only traffic coming down my DSL line is directed at my single IP. Is this correct? I was thinking before that LaBrea could work with all my internal 192.168.1.xxx IPs, but maybe not... Jabez > Jabez: > > Easy to do: you can adjust your firewall ruleset to > let those packets destined for a webserver (ie, > TCP-port 80) > "in". So, have the LEAF disk ACCEPT those packets, > and let > LaBrea tarpit them. Alternatively, to keep your LEAF > disk > lean, port-forward it's port 80 to port 80 on an > internal > machine that you have running LaBrea. Same effect... > > Since LaBrea is the only thing that receives the > data connection, your overall security hit is > reduced to the > security of LaBrea. Which, in my understanding, has > been > pretty well scrutinized. > > Kinda fun, in a way. :) > > -Scott > > > On Fri, 3 May 2002, Jabez McClelland wrote: > > > > > --- "Scott C. Best" wrote: > > > Jabez: > > > > > > Heya. As you probably know, that log looks like > a > > > CodeRed worm (an IIS web-server virus from early > > > last year). > > > It also looks like your firewall is simply > blocking > > > this > > > packet before any other process can see it, > > > including LaBrea. > > > This seems to me a Good Thing. :) > > > > > > > Thanks, Scott for responding... > > > > Yes I suppose it's a good thing - but an even > better > > thing would be if LaBrea could catch that worm and > > hold onto it for some time, like it's supposed to > do. > > Maybe the trick is to open up the firewall rules > in > > order to get LaBrea to do its job? Nothing in the > > docs about that... > > > > Jabez > > __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
