[H-GEN] Network Nasties

Martin Pool mbp at linuxcare.com.au
Thu Mar 2 02:34:31 EST 2000


On Thu, Mar 02, 2000 at 05:16:00PM +1000, Everist, Geoff wrote:

> All it takes is one host on the network to be compromised, and the
> whole internal network is opened up. There does not appear to be any access
> restraints on the private address space; I have a bog standard permanent
> modem account (I do not use the VPN services) and yet I can traceroute to
> and receive packets from the VPN addresses.

Perhaps your ISP is using the colloquial meaning of 'virtual',
i.e. 'not really private'?

Speaking of IP firewalling, the state tracking stuff in netfilter for
2.4 is very cool: for example, in 

  http://samba.org/netfilter/iptables-HOWTO-5.html

we configure "don't speak unless spoken to" rules appropriate for most
network-attached workstations that don't offer public services.

-- 
Martin Pool, (null), Linuxcare, Inc.
+61 2 6262 8990
mbp at linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
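
The "don't speak unless spoken to" policy mentioned in the message, sketched for a single workstation as an added example (it is not part of the original post and is not copied from the linked HOWTO). The function name `apply_workstation_rules`, the `IPT` variable and the log prefix are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example: stateful inbound filtering for a workstation that offers
# no public services. Replies to connections the host opened are accepted;
# anything unsolicited is dropped, whatever address space it comes from.
#
# Assumption: IPT names the command to run. Set IPT="echo iptables" for a
# dry run that prints the commands instead of changing the firewall.
IPT="${IPT:-iptables}"

apply_workstation_rules() {
    # Start from an empty INPUT chain so re-running gives the same result.
    $IPT -F INPUT

    # Local processes talking to each other over loopback.
    $IPT -A INPUT -i lo -j ACCEPT

    # The state match: packets belonging to, or related to (e.g. ICMP
    # errors), a connection this host initiated. Newer iptables releases
    # also spell this "-m conntrack --ctstate".
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Packets the connection tracker cannot place in any known flow.
    $IPT -A INPUT -m state --state INVALID -j DROP

    # Rate-limited log of unsolicited inbound traffic, for later review.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "unsolicited-in: "

    # Default policies are set last, so an existing remote session is not
    # cut off before the ESTABLISHED rule above is in place.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Run as root with the argument "apply" to install the rules.
if [ "${1:-}" = "apply" ]; then
    apply_workstation_rules
fi
```

No rule accepts inbound packets in state NEW, which is what makes the host silent to anything it did not contact first.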