Linux Security, Was Re: [CLUE-Tech] enabling ftp
Kevin Cullis
kevincu at orci.com
Sat Mar 17 17:37:23 MST 2001
You can find it here:
http://www.psionic.com/abacus/portsentry/
You can a sortof HOWTO here:
http://www.linuxnewbie.org/nhf/intel/security/portsentry1.html
I know THIS helps.
Kevin
Cyberclops wrote:
>
> Where do you get "port sentry" and is it for Linux?
>
> Kevin Cullis wrote:
> >
> > Absolutely!! After Grant got caught, I installed Port Sentry in about
> > 20 minutes (I'm new at getting at the guts of Linux) and I went back to
> > grc.com and it works like a champ. Now I just got to figure out where
> > to put the commands to start it when I restart my CPU, which the runtime
> > is going on 50 days.
> >
> > Kevin
> >
> > ian wrote:
> > >
> > > I cant' say this enough. TURN OFF FTP ASAP!!!!
> > >
> > > Especially since your on a cable modem (Road Runner?). It is amazingly
> > > easy to snoop on the Cable modem network to capture cleartext login passwords.
> > >
> > > That was how I originally got compromised. I went down the same path that
> > > you are with how to secure your box. First I'll get ftp.. then I'll get
> > > apache.. then I'll get ssh.. then I'll put a firewall up. Wrong order..
> > >
> > > What'll happen is .. "Honey.. I need you to go to the store and get lunch.
> > > Ooppss.. didn't get ssh up this weekend. Its on my todo list. Honest."
> > >
> > > Before you go any farther lock down your connection with a firewall. The
> > > learning curve is worth it. Then get SSH on. Make sure that everything is
> > > turned off that you aren't using such as telnet, ftp, RPC, X, the list goes
> > > on and on and on. You can test yoru connection and what is open on it
> > > by going to http://www.grc.com
> > >
> > > If you have SSH running properly you don't really need an ftp server at all.
> > >
> > > ian
> > >
> > > On Fri, Mar 16, 2001 at 04:26:17PM -0700, rfrank wrote:
> > > > Usually the how-to's and the newbie help files get me through it,
> > > > but I'm stumped on this one. I've taken Mandrake 7.2 and set it up
> > > > as a firewall/IP masquerader on a dedicated machine with my home
> > > > network on the 2nd Ethernet card side of that box. That all works fine
> > > > as far as I can tell.
> > > >
> > > > Now, from outside, I want to be able to ftp into that machine and
> > > > get files. (Later I want to telnet and ssh and even put a web page up,
> > > > but that's further down the learning curve.)
> > > >
> > > > I have the (default) entry in /etc/passwd for ftp, I haven't modified
> > > > /etc/ftpaccess but made sure it's there. I do have the line
> > > > /sbin/modprobe ip_masq_ftp in my /etc/rc.d/rc.firewall script.
> > > > /etc/inetd.conf looks good to me (as best as I would know).
> > > > But when I try to connect to my dedicated IP address from
> > > > a machine outside my local network, I get:
> > > > [rfrank at brechin rfrank]$ ftp 24.221.212.160
> > > > ftp: connect: Connection refused
> > > > ftp>
> > > > I get similar results with telnet to the same address.
> > > >
> > > > This can't be that tough. What have I missed? A firewall rule?
> > > > Turning on some daemon?
> > > >
More information about the clue-tech
mailing list