Ron Senykoff wrote:

>> - First and foremost, I have my server set up in the standard
>> dual-nic setup with one going to the DSL modem and the other one going
>> to my intranet. YaST knew how to do this, and it was very easy to set
>> up. The firewall tool under FC6 has just a few options, and no
>> concept of zones. How do I set that up so I can masquerade NAT to eth1?
>
> Is this a server or a firewall? Since it is connected directly to your
> cable modem... you really need a true stateful firewall in front of it
> or you're most likely going to get hacked again. I would never
> recommend a server be doing this dual purpose kind of functionality.
> Instead, I would recommend something like smoothwall (on an old PC) in
> front of it, which would allow you to create a DMZ and LAN, then put
> the server in the DMZ (which will still be accessible from the LAN).

For heat, noise, and power reasons, I can't justify running more than one computer 24/7. Nor would it have mattered for this attack, since it was on a web application running on a standard port. I do have a WRT54G which I use for wireless, and toyed with the idea of putting that in front of my server as a first line of defense, but I don't know that I trust the Linksys more than I trust iptables. And the ONLY kind of attack it's any good at protecting against is if you have an open port with a service listening to it that you don't know about. It can never prevent an attack on your server that exploits software listening to a port you have intentionally open.

This is my second hack-in in about 7-8 years, which ain't too bad for a non-SysAdmin (though I play one at work on occasion). Both attacks were on exploits of software. The first one was when I set up my very first internet-facing server, and had no idea what I was doing. I was hacked into after only five weeks. Then I learned how to do it right, and had a perfect record up to now.

This hack was also my fault, because I set up internet-facing software without fully configuring it, then abandoned it. Not doing that will fix this kind of attack. A firewall in front of the server can't. Am I wrong?
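The one case the post concedes a perimeter firewall helps with is "an open port with a service listening to it that you don't know about". The same gap can be closed on the server itself by periodically comparing what is actually listening against the ports you meant to expose. The script below is an added example, not part of the thread; it parses a constructed listener table in the shape of `ss -lntu` output, and the intended port list (22 and 80) is an assumption.

```shell
#!/bin/sh
# Added example: flag listening sockets that are reachable from the network
# but are not on the list of ports you intentionally opened.
# SAMPLE_LISTENERS is constructed sample data in the column layout of
# `ss -lntu` (Netid State Recv-Q Send-Q Local:Port Peer:Port).
# On a real host replace it with:  ss -lntu | tail -n +2
SAMPLE_LISTENERS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:80      0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:3306  0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:8080    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:111     0.0.0.0:*'

# Ports deliberately exposed on the internet-facing NIC (assumed: ssh, http).
INTENDED_PORTS="22 80"

# unexpected_listeners LISTENERS INTENDED
# Prints "proto port address" for each socket bound to a non-loopback
# address whose port is not in INTENDED. Loopback-only services (such as
# 127.0.0.1:3306 above) are skipped: they are not reachable from the wire.
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v intended="$2" '
        BEGIN { n = split(intended, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            addr = $5
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (host == "127.0.0.1" || host == "[::1]") next
            if (!(port in ok)) print $1, port, host
        }'
}

# audit_listeners LISTENERS INTENDED
# Returns 0 when every non-loopback listener is intended, 1 otherwise,
# printing the offenders so they can be shut down or added to the list.
audit_listeners() {
    out=$(unexpected_listeners "$1" "$2")
    [ -z "$out" ] && return 0
    echo "Listening but not in the intended port list:"
    echo "$out"
    return 1
}

if audit_listeners "$SAMPLE_LISTENERS" "$INTENDED_PORTS"; then
    echo "All network-reachable listeners are intended."
fi
```

Run it from cron and mail yourself the output; a non-empty report is the "service you didn't know about" case, and an empty one tells you the remaining exposure is the software you chose to run.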