Let me just chime in for a sec. Even better than twidling with hosts.[allow|deny] is a set of good block-by-default ip filtering chains. I can't offer any actual advice on configuring ip<whater it is in linux now> since I only expose OpenBSD to the wide internet. That's got a totally awesome package 'ipf' (which may be supplanted with OpenIPF shortly). In general though, it is better policy to prevent the traffic from ever reaching tcpd. Josh ___SIG___ On Tue, 5 Jun 2001, Brian wrote: > On Tue, 5 Jun 2001, Dave Sherohman wrote: > > > > > Nah. They're talking to portmap, not telnetd. Those requests are asking > > about available RPC services, most likely in hopes of finding a vulnerable > > NIS or NFS installation. > > Ok, I've heard of exploits on RPC, now I'm curious. What's using RPC? Is > it just NIS and NFS? I've heard of tons of RPC ports strewn about that > can be exploited, it's the only remaining port that I'm worried about on > my system. > > back to the original question on security, port scans are part of > life. Kiddies all over the internet like to run their port scanners > because they're HACKERS and they're unstoppable! just like in the > movie! *rolls eyes* Just make sure you aren't running anything > unnecessary, like xfs, nis, nfs, etc. Out of curiosity, are you on a > cable modem? I've noticed that when I was on DSL no one even looked at my > box but on cable in the last week I've collected large amounts of IP > addresses probing away at my firewall. They've mainly been targeting FTP, > which is odd, since I hadn't had ftpd up and running at that point. Real > bright ones, they are! :-) > > tcp wrappers do a pretty good job, an ALL:ALL in hosts.deny lets me sleep > at night anyway. I also have a policy of denying ICMP requests on my > outside interface just to thwart the really stupid kiddies. Between these > two I feel relatively secure. Then just check your startup script to make > sure you aren't running anything you don't need to be. > > -Brian > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >