[CLUE-Tech] proper setup of NAT
Chris Schock
black at clapthreetimes.com
Tue Aug 3 08:01:04 MDT 2004
>In addition to the open
> ports it returned this ominous sounding message:
>
> Notice!, your natted (or real) IP address is 192.168.0.10.
> This information can be used to track your activities. I
> should not be able to obtain this information if your security
> is properly configured!
>
> Okay, so what do I need to change/add to my iptables so that my real IP
> address is hidden?
It would be nice if they told you how they got this info so you could plug
the hole. Maybe the site you used has more details somewhere in their web
pages, but it's possible that the info was gotten through ICMP, do you
have that open as well?
> On another security note I've gotten a handful of these type of log
> messages:
>
> Jul 30 21:20:06 xxx sshd[12529]: Illegal user test from 211.184.226.193
> Jul 30 21:20:18 xxx sshd[19500]: User guest not allowed because shell
> /dev/null is not executable
>
>
> So someone in China or Korea is trying to log into my machine that is
> behind the firewall.
Welcome to the club. I get oodles of these each day, they are nothing more
than folks scanning and looking for vulnerable accounts - they are not
singling you out specifically, since I see the exact same thing. If you're
really worried about it you can move SSH to a lesser known port.
More information about the clue-tech
mailing list