From: "Devon Miller"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Protecting my server against an individual
Date: Fri, 7 Jul 2006 12:46:58 -0400

An option for ports that don't need to be open constantly (like 80 & 443) is to use net-misc/knockd.
Portknocking allows a port to be opened on demand in response to a series of attempted port opens.
There's a wiki page on it here: http://gentoo-wiki.com/HOWTO_Port_Knocking.
Note, if he is on the same LAN as you or the machine you're trying to secure, this will only slow him down, not stop him. (he can sniff packets and determine the knock sequence.)

dcm

On 7/6/06, Daniel da Veiga <danieldaveiga@gmail.com> wrote:
> On 7/6/06, Lord Sauron <lordsauronthegreat@gmail.com> wrote:
> > On 7/5/06, Ryan Tandy <tarpman@gmail.com> wrote:
> > > Steven Susbauer wrote:
> > > >
> > > > On Wed, 5 Jul 2006, Ryan Tandy wrote:
> > > >
> > > >> Lord Sauron wrote:
> > > >>> If you can, what I'd do is try and get the guy's MAC Address or
> > > >>> something and then totally block that off.  That'd send him away right
> > > >>> quickly.  I don't know enough to know if that'd be totally possible,
> > > >>> but if the guy isn't terribly intelligent, that'll send him packing.
> > > >> net-analyzer/macchanger ;)
> > > >>
> > > >
> > > > What's this? Portage on Windows?
> > >
> > > More just to mention that there is such a thing out there.  And if it
> > > exists for us, chances are he has a similar tool available.
> >
> > However, if you block his mac without an error message, then he can't
> > know how you're identifying him to block him.  He probably won't know
> > what to do, and just might give up then.  Worth a try, if nothing
> > else.
> >
>
> Yeah, that's pretty much true. For a LAN. Doing it at the Internet
> would most probably blacklist an entire subnet that's routed to you
> with that MAC. So, not worth a try, it would be something more to
> configure, and get you no benefit at all, while risking making your
> machine invisible for people who could use the services you are trying
> to securely provide.
>
> --
> Daniel da Veiga
> Computer Operator - RS - Brazil
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
> PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
> ------END GEEK CODE BLOCK------
> --
> gentoo-user@gentoo.org mailing list
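
The caveat in the message above, that a fixed knock sequence can be observed on the LAN and simply repeated, modelled as an added example (not part of the original message and not knockd's own code). The class, port numbers and addresses are constructed for illustration; consuming each sequence after a single use stands in for a one-time-sequence setup as the mitigation.

```python
# Added illustration: a toy model of a port-knock listener, not knockd's code.
class KnockGate:
    def __init__(self, sequences, one_time=False, timeout=5.0):
        self.pending = [tuple(s) for s in sequences]  # next valid sequence first
        self.one_time = one_time      # consume each sequence after one use
        self.timeout = timeout        # seconds allowed from first knock to last
        self.progress = {}            # src -> (knocks matched, time of first knock)
        self.allowed = set()          # sources the firewall would now admit

    def packet(self, t, src, port):
        """Feed one observed connection attempt; True if it completes a knock."""
        if not self.pending:
            return False
        seq = self.pending[0]
        idx, start = self.progress.get(src, (0, t))
        if idx == 0 or t - start > self.timeout:
            idx, start = 0, t         # nothing matched yet, or too slow: restart
        if port == seq[idx]:
            idx += 1
        elif port == seq[0]:
            idx, start = 1, t         # wrong port, but it begins a new attempt
        else:
            idx = 0
        if idx < len(seq):
            self.progress[src] = (idx, start)
            return False
        self.allowed.add(src)
        if self.one_time:
            self.pending.pop(0)       # this sequence is never accepted again
            self.progress.clear()     # partial matches referred to the old one
        else:
            self.progress.pop(src, None)
        return True


def replay_demo():
    """Same knocks sent by the admin, then repeated later from a second LAN host."""
    knocks = [(0.0, 7000), (0.4, 8000), (0.9, 9000)]   # constructed capture
    admin, other = "192.0.2.10", "192.0.2.66"          # constructed addresses
    gates = {
        "static": KnockGate([[7000, 8000, 9000]]),
        "one_time": KnockGate([[7000, 8000, 9000], [7411, 8122, 9533]], one_time=True),
    }
    for gate in gates.values():
        for t, port in knocks:
            gate.packet(t, admin, port)
        for t, port in knocks:
            gate.packet(60 + t, other, port)
    return {name: sorted(g.allowed) for name, g in gates.items()}
```

`replay_demo()` returns both hosts for the static gate and only the admin for the one-time gate, which is the difference between "slow him down" and actually rejecting a repeated sequence.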