On 25/06/02 08:34 +0530, Arvind wrote:
> 
> | All cracking happens at the application layer. Try breaking into a box
> | running no services, and not running idiotic client applications like
> | IE/OE/O.
> 
> Cracking can also happen at packet level.
> Spoofing and denial of service are common examples.
A spoof is not a crack. A DoS is not a crack.
 
> 
> |No firewall is going
> |to protect a public unpatched IIS server.
> 
> This depends on the hacker. If the hacking method is known to the firewall,
Errrr, Nimda walked through all those firewalls. So did Code Red.

> it will filter out those packets after monitoring the content and will not
> let that known method reach the unpatched IIS server.
What if the crack is a perfectly valid request?

> But if it is a new method, the firewall will not know and might let that
> packet through. It's like an anti-virus.
Nah. An application level firewall can validate the protocol, and stop
invalid commands, but it cannot stop a valid request.

> So either we patch the IIS or wait for a new version of the firewall which
> might filter out the new mechanism for cracking.
> 
> I have to run 2 linux servers for
> 
> 1. as a DNS only.
>    services running are
>     22/tcp     open        ssh
>     53/tcp     open        domain
> 
> What can I do to make it absolutely difficult for a cracker to crack it, but
> at the same time, my DNS is running perfectly.
> I have upgraded the BIND packages to the latest.
Upgrade the ssh too. OpenSSH seems to have a bug, but Theo has just said
to upgrade without specific details. 3.3. Or you could hold out till
next Monday.

s/bind/djbdns/
 
> 2. as a mail server
>    service running are
>  22/tcp     open        ssh
>  25/tcp     open        smtp
>  110/tcp    open        pop-3
>  143/tcp    open        imap2
>  389/tcp    open        ldap
>  3306/tcp   open        mysql
> 
> Both the machines have iptables.
> What would be a quick summary to keep my machines secure?
Stop using pop3. Use pop3s. Similar for SMTP. Though you use postfix
and should not need to bother about TLS yet. gpg is a good thing though.
ldaps. imaps. stunnel for mysql, unless you need it only on localhost
and in that case don't have it listening on the TCP port.

Note that no firewalling rules were specified. Packet filtering
firewalls are for logging purposes only and you need to bother about
those iff you actually read your logs.

Devdas Bhagat
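
Added example, not part of the original message: a small listener audit that applies the advice in the reply above (pop3s, imaps, ldaps, and mysql on localhost only or behind stunnel) to the mail server's port list. It assumes the modern `ss -H -ltn` output format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# audit_listeners reads `ss -H -ltn` style lines on stdin and prints every
# cleartext service named in the reply that is reachable from the network.
audit_listeners() {
    awk '
    BEGIN {
        # port -> advice, taken from the reply above
        fix[110]  = "pop3: use pop3s (995/tcp)"
        fix[143]  = "imap: use imaps (993/tcp)"
        fix[389]  = "ldap: use ldaps (636/tcp)"
        fix[3306] = "mysql: bind to localhost only, or wrap in stunnel"
    }
    $1 == "LISTEN" {
        sock = $4
        # The port is the last colon-separated field; this also
        # handles bracketed IPv6 addresses such as [::]:143.
        n = split(sock, parts, ":")
        port = parts[n]
        addr = substr(sock, 1, length(sock) - length(port) - 1)
        # Loopback-only listeners are not exposed to the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port in fix) printf "%s %s\n", sock, fix[port]
    }'
}

# Constructed sample mirroring the mail server port list in the question.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 [::]:143 [::]:*
LISTEN 0 128 *:389 *:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
EOF
}

# On a live host: ss -H -ltn | audit_listeners
sample_listeners | audit_listeners
```

ssh and smtp are left unflagged here because the reply does not ask for a change to either port.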

