[K12OSN] port blocking

James P. Kinney III jkinney at localnetsolutions.com
Thu Apr 10 00:24:38 UTC 2008


On Tue, 2008-04-08 at 23:58 -0400, Jim Anderson wrote:
> Hello all,
> 
> I'm running K12LTSP v.5 in a computer lab that includes 2 Windows
> clients hanging off the internal network.  We've received notice from
> the ISP that suspicious activity is occurring from the server's
> outside IP address on three different ports.  How can I block those
> ports (I think the problem could be originating from the Windows 2000
> machines).
1. Removing the NIC from the Windows machines will stop the problem.
(isn't w2k EOL'ed now? No more security fixes?)

2. At the Linux gateway, block all access to the inside facing NIC for
the windows machines using any port but 80 and 443 (so they can surf the
web but nothing else). Set the iptables to allow established,related but
bit-bucket all other connections from the windoze machines.

3. Since the winders machines are passing traffic _through_ the Linux
system using NAT, add a rule that allows SNAT from the machines for
specific port connections only and bit-bucket the rest.

I personally think #1 is the easiest followed by #2.
> 
> Jim
> 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner, and is 
> believed to be clean. 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
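
Option 2 from the reply above, sketched as an added example that is not part of the original message: a script that prints the iptables commands for the forwarded (NAT'ed) traffic of the Windows clients, allowing established/related and new connections to ports 80 and 443, then logging and dropping the rest. The interface name, client addresses, chain name WINCLIENTS and log prefix are assumptions; it also assumes the gateway's existing rules already forward LAN traffic and that the clients use the gateway itself for DNS.

```shell
#!/bin/sh
# Added example: prints the rules instead of applying them.
# Review the output, then pipe it to "sh" as root on the gateway.

# Constructed values (assumptions, not taken from the thread):
LAN_IF="eth0"                             # inside-facing NIC
WIN_HOSTS="192.168.0.201 192.168.0.202"   # the two Windows clients
WEB_PORTS="80,443"                        # only ports they may reach

gen_rules() {
    # Dedicated chain, so this policy can be flushed and rebuilt alone.
    echo "iptables -N WINCLIENTS"
    # Packets belonging to connections that were already allowed.
    echo "iptables -A WINCLIENTS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New outbound web connections only.
    echo "iptables -A WINCLIENTS -p tcp -m multiport --dports $WEB_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    # Rate-limited log of what is about to be dropped; the source address
    # and destination port in syslog show which client is responsible.
    echo "iptables -A WINCLIENTS -m limit --limit 6/min -j LOG --log-prefix 'WINCLIENTS drop: '"
    # Bit-bucket everything else.
    echo "iptables -A WINCLIENTS -j DROP"
    # Send traffic arriving on the LAN side from each client into the chain.
    # -I puts the jump ahead of the existing FORWARD rules.
    for host in $WIN_HOSTS; do
        echo "iptables -I FORWARD -i $LAN_IF -s $host -j WINCLIENTS"
    done
}

gen_rules
```

The rules only cover traffic routed through the gateway; connections from the clients to services on the gateway itself are governed by the INPUT chain and are not changed here.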

