Firewall Wizards mailing list archives
Re: Hacked
From: Bennett Todd <bet () newritz mordor net>
Date: Wed, 3 Mar 1999 17:56:14 +0000
1995-03-02-15:19:29 Bluefish [@ home]:
argh. that was a lot of text... What I was wondering is if I somehow could firewall tcp21 (FTP port) and still have it (the same application) accessible through ssh tunneling somehow?
If you find a way to do the ssh tunneling that works for you (I can't help with that, haven't tried that myself) then what remains is blocking non-local access to ftpd. That oughta be easy with ipfw or ipfilter or whatever --- set up a local kernel packet filter to block remote access to the daemon. This is also a standard fix when securing bastion hosts for DMZ use, where the syslogd on the bastion insists on listening to inet ports.

But if you've got ssh all working, isn't scp a lot easier than tunneling ftp? Or if you want something fancier than scp, why not run rsync over ssh?

OTOH, if you were to want e.g. anon ftp service, I'd probably go with djb's anonftpd.

-Bennett
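An added illustration, not part of the original message or thread: a Python check that reads `netstat -an` output and lists the daemons listening on non-loopback addresses, which are the sockets a local packet filter such as the one described above would have to cover. The sample output, the function name `exposed_listeners`, and treating port 22 (ssh) as the only intended remote service are assumptions made for the example.

```python
import re

# Constructed sample of `netstat -an` output (BSD-style and Linux-style lines
# mixed on purpose); not taken from any real host.
SAMPLE_NETSTAT = """\
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
udp4       0      0  *.514                  *.*
tcp        0      0 0.0.0.0:873             0.0.0.0:*              LISTEN
tcp6       0      0 ::1:631                 :::*                   LISTEN
tcp4       0      0  192.0.2.10.22          198.51.100.7.50122     ESTABLISHED
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1|localhost)$")


def exposed_listeners(netstat_text, allowed_ports=(22,)):
    """Return sorted (proto, port) pairs that listen on a non-loopback address
    and are not in allowed_ports (assumption: only ssh is meant to be remote)."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        proto = f[0][:3]
        # TCP listeners carry the LISTEN state; unconnected UDP sockets have a
        # wildcard foreign address and no state column.
        if proto == "tcp" and f[-1] != "LISTEN":
            continue
        if proto == "udp" and not f[4].endswith("*"):
            continue
        # Local address is "addr.port" on BSD and "addr:port" on Linux.
        m = re.match(r"^(.*)[.:](\d+)$", f[3])
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if LOOPBACK.match(addr) or port in allowed_ports:
            continue
        found.add((proto, port))
    return sorted(found)


if __name__ == "__main__":
    for proto, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} listens beyond loopback: needs a packet-filter rule")
```

On the constructed sample this reports ftpd on tcp/21 and syslogd on udp/514, the two daemons named in the message, plus the wildcard listener on tcp/873.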