ftp://ftp.eng.auburn.edu/pub/doug/klaxon.tar.gz
-----Original Message-----
From: Andrew Daviel [mailto:andrew@andrew.triumf.ca]
Sent: Thursday, July 23, 1998 2:01 AM
To: Vancouver Linux Users
Subject: Re: Linux security enhancements... CD-R burning service...
On Wed, 22 Jul 1998, Ya`akov N. Miles wrote:
> I really appreciated Andrew Daviel's message re security..
> I edited my /etc/exports to allow NO nfs mounts, and I mounted
> my stale SCSI disks option NOSUID. I have disabled TELNET
> RLOGIN and a host of others in my /etc/hosts/deny file. My
Thanks ...
I didn't really emphasize it, but in modern Linux one would typically
configure tcpd (/etc/hosts.deny) to reject unwanted connections rather
than commenting them out in inetd.conf. That way, you get a logfile entry.
I've even turned on services I don't have with a dummy process just to
spot port scanning.
Timothy J. Luoma's deny.sh at http://www.peak.org/~luomat/scripts/ is an
interesting example of what one can do; not only do you get the logfile
entry, you get email warning of an intrusion attempt plus optional
route blackholing and node discovery. The unix@Home bunch get a constant
trickle of probes on imapd, telnet etc., and a port scan of more than
about 4 members gets you an email to your ISP ....
Andrew
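
The logfile entries that tcpd writes for rejected connections, as described in the message above, can be scanned for one source being refused on several services in quick succession. The following Python is an added example, not part of the original e-mail and not taken from deny.sh; the syslog line shape, the constructed sample lines, the threshold and window, and the names `parse_refusals` and `find_scanners` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines in the assumed tcpd "refused connect" shape.
SAMPLE_LOG = """\
Jul 23 02:01:13 gw in.telnetd[411]: refused connect from 192.0.2.10
Jul 23 02:01:14 gw imapd[412]: refused connect from 192.0.2.10
Jul 23 02:01:14 gw in.rlogind[413]: refused connect from 192.0.2.10
Jul 23 02:01:15 gw in.ftpd[414]: refused connect from 192.0.2.10
Jul 23 02:01:16 gw in.fingerd[415]: refused connect from 192.0.2.10
Jul 23 03:10:00 gw imapd[420]: refused connect from 198.51.100.7
Jul 23 09:45:31 gw imapd[431]: refused connect from 198.51.100.7
Jul 23 09:50:02 gw sshd[440]: Accepted password for andrew from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>[\w.\-]+)\[\d+\]:\s"
    r"refused connect from (?P<src>\S+)")

def parse_refusals(text, year=1998):
    """Yield (timestamp, service, source) for each tcpd refusal line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["svc"], m["src"]

def find_scanners(text, min_services=4, window=timedelta(minutes=5)):
    """Return {source: sorted services} for sources refused on at least
    min_services distinct services within one sliding time window."""
    by_src = defaultdict(list)
    for ts, svc, src in parse_refusals(text):
        by_src[src].append((ts, svc))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {s for t, s in events[i:] if t - start <= window}
            if len(seen) >= min_services:
                flagged[src] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    for src, services in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: probable port scan, refused on {', '.join(services)}")
```

A source that retries a single service, like the second address in the sample, stays below the threshold and is not flagged.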