Sam Kuper wrote:
> 2008/11/10 Sam Kuper <[EMAIL PROTECTED]>
>
>     By using REJECT instead of DROP, you have no stealth. This means
>     you can be port-scanned to look for weaknesses, e.g. unpatched
>     OpenSSH vulnerabilities, etc.
>
> That said, if SSH traffic is blocked, an OpenSSH vuln. might not be
> significant. If you're allowing any inbound traffic, though, any
> unpatched flaws in the app servicing that inbound traffic could expose
> your system to attack.
>
> Also, by REJECTing rather than DROPping, you might be more vulnerable
> to DoS attacks.
>
> Consider using a default (LOG and) DROP policy instead. Michael Rash's
> site (www.cipherdyne.org) has some good
> resources for learning about this and implementing it.

OK, I have set the default policy to DROP. What more could I do?
Thank you very much.
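As an added example (not part of the original thread and not Shorewall's own code), the script below audits the contents of a Shorewall `policy` file against the advice quoted above: policies for traffic from untrusted zones should be DROP and should carry a log level. The zone name `net`, the sample file and the function names are assumptions constructed for illustration.

```python
# Added example: check a Shorewall policy file against the thread's advice
# (default DROP, with logging, for traffic from untrusted zones).
# Assumed column layout: SOURCE DEST POLICY [LOGLEVEL] ...

SAMPLE_POLICY = """\
# constructed sample, not taken from the original post
#SOURCE  DEST  POLICY  LOGLEVEL
$FW      net   ACCEPT
loc      net   ACCEPT
net      all   REJECT
all      all   REJECT  info
"""

# Assumption: "net" is the Internet-facing zone; "all" also matches it.
UNTRUSTED_SOURCES = {"net", "all"}


def parse_policy(text):
    """Return (lineno, source, dest, policy, loglevel) for each entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        cols = line.split()
        if len(cols) < 3:
            continue  # blank, comment-only or malformed line
        # Tolerate a ":suffix" after the policy name, e.g. "DROP:Drop".
        policy = cols[2].split(":", 1)[0].upper()
        loglevel = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        entries.append((lineno, cols[0], cols[1], policy, loglevel))
    return entries


def audit(text):
    """Return (lineno, message) findings for untrusted-source policies."""
    findings = []
    for lineno, src, dst, policy, loglevel in parse_policy(text):
        if src not in UNTRUSTED_SOURCES:
            continue
        if policy != "DROP":
            findings.append((lineno, f"{src}->{dst} is {policy}, not DROP"))
        if loglevel is None:
            findings.append((lineno, f"{src}->{dst} has no log level"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_POLICY):
        print(f"policy line {lineno}: {message}")
```

An empty result from `audit()` means every policy whose source is an untrusted zone is DROP with logging enabled; it says nothing about individual ACCEPT rules in the `rules` file, which still decide what inbound traffic is exposed.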
