linux_user at grax.com
Wed Aug 22 16:16:08 UTC 2001
I support a policy of this kind in @home. I'd like to see incoming
ports 25 (smtp), 80 (http), 110 (pop), 137, 138, 139 (smb/windows
networking) and possibly 21 (ftp) blocked. It is very inconvenient in
many cases but there are all kinds of folks out there with their Windows
machines sitting there just waiting to become zombie machines for the
next script kiddie that comes along and wants to flood out this thing or
that. (not to mention a few redhat machines in that category)
>From my firewall logs I have lists of many machines that are just
waiting to become zombies.
I'm not sure how technically feasible it is but I would like to see some
sort of detection scheme to shut off end users if their machine is being
using in a DOS attack.
A basic security orientation (booklet or something) for new cable
modem/dsl users would be great to see also.
More information about the OLUG