On Wed, 4 Apr 2001, John Aldrich wrote:
> Speaking of this....
> Checking my logs lately, I've been seeing a TON of "print request from [ip]"
Op. Yep. One of the worms also exploits lpr.
> which is usually some remote IP, often in a foreign country. Is this indicative
> of a new exploit? I'm running RH 6.2, locked down pretty well, I think. Heck, I
> can only SSH in to my workstation from Two IP addresses (one of which is any
> machine on my LAN at home <G>)
> I'm also seeing random portscans. I saw a thread in here earlier on a new
> feature in the latest kernels which will allow one to deny/drop all inbound
> requests that aren't in response to an OUTBOUND request. Is there any way to
> implement a feature similar to this in RH 6.2 using IPCHAINS?
This is a feature in iptables. You can drop any packets that are NEW, or
allow only packets that are ESTABLISHED or RELATED. This is possible only
because of the new connection tracking code in 2.4.
thornton
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
