Since I've moved back onto campus and left my nice cozy firewall
behind, I'm paranoid about security again. :)
First I ran nmap on my host, checking all open ports and making sure
no sneaky root access daemons were running. Looks like I'm safe; most
of my open ports seem to be owned by portsentry. I decided to try -O
out of curiosity, and here's what I received:
TCP Sequence Prediction: Class=random positive increments
Difficulty=443419 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.14
I'm curious about the difficulty rating. What exactly is that? Should
I use that as a basis to be somewhat more confident about my security,
or is that something else?
I'm also mucking around with /etc/hosts.deny. Ideally I'd like to
block access to all services from all outside hosts, since I'm no longer
using my box to host my website and really don't need to offer
access. (I know that services like auth may occasionally be needed,
but I'll worry about that when it becomes a problem. :) I'd like to
give VMWare VMs access to my box though. So, I've added the following
to /etc/hosts.deny:
# win98 VM's IP
ALL: ALL EXCEPT 127.0.0.1 172.16.136.2
I'd like to use 172.16.136.* as the network address for any VMs that
I add; I may set up the Hurd in a VM sometime soon, and would like to
network it. Is it somehow possible to use a wildcard instead of the 2?
And, despite this line, I still receive portsentry attackalerts, even
after SIGHUP'ing inetd. So, am I smoking something here? :) I thought
that ALL was a wildcard, and that I could use it to block all
services. But is this wrong?
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
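As an added illustration (not part of the post above or of tcp_wrappers itself), the following simplified re-implementation of hosts_access(5) client-list matching evaluates the poster's hosts.deny rule and a prefix-wildcard variant (`172.16.136.`, a trailing dot matches every address starting with that prefix); the daemon names and test addresses are constructed.

```python
"""Minimal evaluator for hosts.deny rules with hosts_access(5) semantics.

Added example, a simplified re-implementation, not the tcp_wrappers code.
Handles ALL, EXCEPT, exact addresses, trailing-dot prefixes (172.16.136.)
and net/mask pairs. Hostname patterns and LOCAL are not modelled.
"""
import ipaddress


def _token_matches(token, client_ip):
    """True if a single client_list token matches the numeric address."""
    if token == "ALL":
        return True
    if token.endswith("."):            # 172.16.136. -> address prefix match
        return str(client_ip).startswith(token)
    if "/" in token:                   # 172.16.136.0/255.255.255.0 net/mask form
        return client_ip in ipaddress.ip_network(token, strict=False)
    return str(client_ip) == token


def _list_matches(tokens, client_ip):
    """Evaluate 'list_1 EXCEPT list_2'; EXCEPT nests to the right."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_list_matches(tokens[:i], client_ip)
                and not _list_matches(tokens[i + 1:], client_ip))
    return any(_token_matches(t, client_ip) for t in tokens)


def denied(hosts_deny_text, daemon, client):
    """True if hosts.deny (with an empty hosts.allow) refuses client -> daemon."""
    client_ip = ipaddress.ip_address(client)
    for line in hosts_deny_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # only whole-line comments are ignored
            continue
        fields = [f.split() for f in line.split(":")]
        daemons, clients = fields[0], fields[1]
        if daemons != ["ALL"] and daemon not in daemons:  # simplified daemon match
            continue
        if _list_matches(clients, client_ip):
            return True
    return False


# Constructed rule sets: the poster's literal rule, and a prefix-wildcard variant.
LITERAL_RULE = "# win98 VM's IP\nALL: ALL EXCEPT 127.0.0.1 172.16.136.2\n"
PREFIX_RULE = "ALL: ALL EXCEPT 127.0.0.1 172.16.136.\n"

if __name__ == "__main__":
    for rule in (LITERAL_RULE, PREFIX_RULE):
        for host in ("172.16.136.2", "172.16.136.7", "10.0.0.5"):
            verdict = "denied" if denied(rule, "in.telnetd", host) else "allowed"
            print(rule.strip().splitlines()[-1], "|", host, "->", verdict)
```

Note that hosts.deny only governs services that run through tcpd or link against libwrap; a daemon that binds its own listening sockets is not consulted against it at all.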