From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from <gentoo-user+bounces-99815-garchives=archives.gentoo.org@lists.gentoo.org>) id 1Mjvhb-0002FP-Oz for garchives@archives.gentoo.org; Sat, 05 Sep 2009 13:53:16 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DF4E1E0BBB; Sat, 5 Sep 2009 13:53:14 +0000 (UTC) Received: from Princeton.EDU (postoffice04.Princeton.EDU [128.112.131.112]) by pigeon.gentoo.org (Postfix) with ESMTP id C6295E0BBB for <gentoo-user@lists.gentoo.org>; Sat, 5 Sep 2009 13:53:14 +0000 (UTC) Received: from smtpserver2.Princeton.EDU (smtpserver2.Princeton.EDU [128.112.129.148]) by Princeton.EDU (8.13.8/8.13.8) with ESMTP id n85DrEcq003576 for <gentoo-user@lists.gentoo.org>; Sat, 5 Sep 2009 09:53:14 -0400 (EDT) Received: from sep.dynalias.net (fez.Princeton.EDU [128.112.129.190]) (authenticated bits=0) by smtpserver2.Princeton.EDU (8.12.9/8.12.9) with ESMTP id n85DrDGs024129 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for <gentoo-user@lists.gentoo.org>; Sat, 5 Sep 2009 09:53:14 -0400 (EDT) Received: by sep.dynalias.net (Postfix, from userid 1001) id 4A7FBD3CB6; Sat, 5 Sep 2009 09:53:33 -0400 (EDT) Date: Sat, 5 Sep 2009 09:53:33 -0400 From: Willie Wong <wwong@math.princeton.edu> To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Making sure I am a good netizen and secure. Message-ID: <20090905135333.GD2507@princeton.edu> Mail-Followup-To: gentoo-user@lists.gentoo.org References: <4AA235B9.90306@gmail.com> <200909051244.33464.alan.mckinnon@gmail.com> <4AA24501.2080702@gmail.com> Precedence: bulk List-Post: <mailto:gentoo-user@lists.gentoo.org> List-Help: <mailto:gentoo-user+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-user.gentoo.org> X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4AA24501.2080702@gmail.com> User-Agent: Mutt/1.5.16 (2007-06-09) X-Archives-Salt: 3f56a1f1-a48a-467f-9beb-96b200a44c74 X-Archives-Hash: 10aca804e04768d4914580e4409cda90 On Sat, Sep 05, 2009 at 06:01:21AM -0500, Penguin Lover Dale squawked: > Since ssh is not running, I assume it doesn't matter at this point? > I'll check into fail2ban and denyhosts. Any one better or more > preferred than the other? AFAIK, either of those are for brute force attacks on SSHD. If you are not opening up ssh... Personally I use neither. I rolled my own scripts to monitor brute force attacks and it has held up alright. You can make double sure and get iptables to drop all connections not originating from the LAN. Actually, go ahead, look into iptables, and apply brainpower like Alan said. On my setup, I just block almost everything (except ssh) by default and maintain a white-list of IPs. W -- These are things people "actually said" in court.... +++++++ Q: What is your date of birth? A: July fifteenth. Q: What year? A: Every year. +++++++ Q: What gear were you in at the moment of the impact? A: Gucci sweats and Reeboks. +++++++ Q: Sir, what is your IQ? A: Well, I can see pretty well, I think. +++++++ Q: Did you blow your horn or anything? A: After the accident? Q: Before the accident. A: Sure, I played for ten years. I even went to school for it. +++++++ Q: Trooper, when you stopped the defendant, were your red and blue lights flashing? A: Yes. Q: Did the defendant say anything when she got out of her car? A: Yes, sir. Q: What did she say? A: What disco am I at? +++++++ Q: Now doctor, isn't it true that when a person dies in his sleep, he doesn't know about it until the next morning? +++++++ Q: The youngest son, the twenty-year old, how old is he? +++++++ Q: Were you present when your picture was taken? +++++++ Q: She had three children, right? A: Yes. Q: How many were boys? A: None. Q: Were there any girls? +++++++ Q: How was your first marriage terminated? A: By death. Q: And by whose death was it terminated? +++++++ Q: Is you appearance here this morning pursuant to a deposition notice which I sent to your attorney? A: No, this is how I dress when I go to work. +++++++ Q: Doctor, how many autopsies have you performed on dead people? A: All my autopsies are performed on dead people. +++++++ Q: Doctor, before you performed the autopsy, did you check for a pulse? A: No. Q: Did you check for blood pressure? A: No. Q: Did you check for breathing? A: No. Q: So, then it is possible that the patient was alive when you began the autopsy? A: No. Q: How can you be so sure, Doctor? A: Because his brain was sitting on my desk in a jar. Q: But could the patient have still been alive nevertheless? A: Yes, it is possible that he could have been alive and practicing law somewhere. Sortir en Pantoufles: up 1002 days, 12:39