Stealthing Ports in system-config-securitylevel was: SSH brute force attack

Roger Grosswiler roger at gwch.net
Fri Apr 29 08:41:56 UTC 2005


shrek-m at gmx.de wrote:
> Roger Grosswiler wrote:
> 
>> But i can tell you in a bit a philosophical way, that the firewall 
>> should be done for newbs - they connect to the internet, no firewall 
>> (i still see this now...) and they often never remark, that their 
>> computer is captured.
> you mean here linux machines ?

No sir, windows-machines
> 
>> And who has to resolve it??? Not themselves, as it is easier to 
>> install a simple firewall than removing trojans, worms and all the 
>> rest of this *#%& - they trust on tools and experts and experts 
>> writing those tools :-)
>>
>> I deleted on a friend's machine 7 trojans and 3 dialers, never mind 
>> where he was surfing :-)
> i assume he had no on-access scanner.

No sir, in fact he had. But let's not talk about the age of his 
signatures ;-)
> 
> was this a linux machine

a windowzer

> or a windowzer behind an older linux-pc with a firewall or 
> squid/dansguardian ?
> see eg $ vi /usr/share/doc/rp-pppoe-*/configs/firewall-*
> 
>> At least, i just installed him zonealarm (yes, he's a windozer...),
> 
> 
> 
> zonealarm for linux ? no thanks, i prefer iptables.

in fact, zonealarm is for windows, i'd never run it on linux, as i have 
my iptables too :-) ...but shouldn't we think about lots of users to 
change from windows to linux? Shall linux always stay for "gurus"???
> 
>> closed everything and explained him, how to handle that part, if a 
>> windows comes up and tries accessing to internet. Since then, he was 
>> clean.
> 
> 
> 
> OT:
> hahaha :-)
> if you close all eg. "generic host bla" he will run in trouble.
> i have seen zonealarms allowed everything because the "newbies" allow 
> after a short time all applications.
> result: i have a firewall, why do i have trojans/worms/etc ?
> 
[OT reply]
i closed everything, started the apps he needs (browser, email, what 
else does he need really??? -> nothing!). The advantage of the 
application level gateway is, that it remarks traffic, that shouldn't be 
and asks for allowing of the app or disallowing. so he surfs and gets 
his mails and is happy and since then, he never ever got any more that 
stuff, as he also got antivir installed, which asks him each week to 
update! :-) So, hopefully he also has some DISCIPLINE and just doesn't 
open the firewall or equal (according to Will Hoopers reply from yesterday.)

Roger



