From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kerry@gotss.eu.org>
Received: from executioner.lis.net.au([203.35.83.3]) (2420 bytes) by
 braille.uwo.ca
	via smail with P:esmtp/D:aliases/T:pipe
	(sender: <kerry@gotss.eu.org>)
	id <m13pgbc-0013uBC@braille.uwo.ca>
	for <speakup@braille.uwo.ca>; Sat, 28 Oct 2000 20:45:48 -0400 (EDT)
	(Smail-3.2.0.102 1998-Aug-2 #2 built 1999-Sep-5)
Received: from uucp by executioner.lis.net.au with local-rmail (Exim 2.05 #1)
	id 13pgbe-0002w1-00 (Debian); Sun, 29 Oct 2000 11:45:50 +1100
Received: from kerry by gotss.eu.org with local (Exim 3.12 #1)
	id 13pgSI-0003si-00 (Debian); Sun, 29 Oct 2000 11:36:10 +1100
Date: Sun, 29 Oct 2000 11:36:10 +1100
From: Kerry Hoath <kerry@gotss.eu.org>
To: speakup@braille.uwo.ca
Subject: Re: need a volunteer
Message-ID: <20001029113610.A14912@gotss.eu.org>
References: <Pine.LNX.4.21.0010281322370.947-100000@ignatious.1tree.com>
 <Pine.LNX.4.21.0010281336350.947-100000@ignatious.1tree.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.0.1i
In-Reply-To: <Pine.LNX.4.21.0010281336350.947-100000@ignatious.1tree.com>;
 from cpt.kirk@1tree.net on Sat, Oct 28, 2000 at 01:40:23PM -0500
List-Id: <speakup.linux-speakup.org>

You might want to put an interface specifier on these rules;
otherwise somebody upstream can spoof ips through your firewall by making
internal ips show up on the external interface so di bind the rule to a
particular interface. This was a big problem with MS proxy 2
that wouldn't let you specify an interface for a particular rule.
On Sat, Oct 28, 2000 at 01:40:23PM -0500, Kirk Wood wrote:
> By the way any port can be instantly closed with ipchains. Again the
> general method is:
> 
> ipchains -A input -p tcp -d your_ip_address:port -j DENY
> 
> This will drop the packet as if it never occured. You can change the last
> part to REJECT in which case an icmp message is sent back to the
> originating host. But if you DENY the packet a port scanner won't see your
> machine. Don't rely on this to say you won't be attacked. It just lowers
> your profile.
> 
> By the way, while ATT at Home is less secure then some ISPs, the internet
> in general is a hostile world. If you really want to secure against it cut
> the connection. Next would be to find an ISP that will place you behind
> their firewall.
> 
> =======
> Kirk Wood
> Cpt.Kirk@1tree.net
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 62823451