The Daily Static

Linux firewalling by arachn1d 2002-11-04 15:36:09
  I would say for a trigger, by caffine-iv 2002-11-04 15:39:57
    Now that is ingenious by arachn1d 2002-11-04 15:42:44
      Encrypt that email though... by phallstrom 2002-11-04 15:54:26
        Possible problem there by arachn1d 2002-11-04 15:58:04
          I actually wrote such a tool (though TCP)... by vyrus 2002-11-04 20:45:51
I called it dynfire (Dynamic Firewall Config). Quite frankly, I decided it wasn't worth the effort. My logic was as follows:

1) The only port that needs to be open to the internet is SSH.
2) SSH is known to be very secure.
3) I cannot verify that a program I write will not have an exploitable buffer overflow in it, or that I can design an algorithm for it that won't be open to replay attacks.
4) It is therefore much more likely that my computer will be secure if I open up SSH itself on a high-numbered port rather than put my own daemon there to open up ssh.

Good logic, yes? I have my setup so that ssh is open anywhere, and once I ssh in it detects my IP and automatically opens up other important ports (samba, ftp, etc.) Same effect, but more secure, I think.
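The setup described in the post above (log in over SSH, detect the client IP, open further ports for that address), sketched as an added example that is not vyrus's own script. The function names, the port list (FTP and Samba), the INPUT chain and the IPv4-only check are assumptions; the functions only print the iptables commands rather than running them.

```shell
#!/bin/sh
# Added example (not from the post): build per-client iptables rules
# from the address sshd reports for the current login.

# Assumed port list: FTP (21) and Samba (139, 445).
OPEN_PORTS="21 139 445"

# Print the client IPv4 address from an SSH_CONNECTION-style string
# ("client_ip client_port server_ip server_port").
# Fails on anything that is not a strict dotted quad, so the value can
# never smuggle shell or iptables syntax into the generated rules.
client_ip() {
    ip=${1%% *}
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Print the iptables commands that would let the client reach each port.
# "iptables -C" checks for an existing rule, so repeated logins from the
# same address do not stack duplicate ACCEPT entries.
rules_for() {
    src=$(client_ip "$1") || { echo "refusing: bad client address" >&2; return 1; }
    for port in $OPEN_PORTS; do
        rule="INPUT -p tcp -s $src --dport $port -j ACCEPT"
        printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
    done
}
```

Called as `rules_for "$SSH_CONNECTION"` from a login hook, the output is a dry run that a root shell can apply. Rules added this way stay in place until matching `iptables -D` commands remove them, so a logout hook or timer is needed to keep stale addresses from remaining allowed.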

All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.