Firewall Wizards mailing list archives
Re: ipchains FW, monitoring for scans, & how to react to them
From: Crispin Cowan <crispin () cse ogi edu>
Date: Tue, 21 Dec 1999 06:11:32 +0000
Danny Rathjens wrote:
My question is how do you all feel about essentially doing the firewalling on the webserver itself with ipchains instead of a separate box that everything is filtered through.
I think the primary threat to web servers is the active content processing programs (the CGIs, the Perl scripts, the JSP's, the ASP's, etc.) all of which are accessed using HTTP requests, usually through port 80. Thus firewalls, whether on the web server or elsewhere, are essentially useless in protecting the web server. The firewall either blocks access to the web server, or grants it. No other magic happens.
1. On a web server I thought it was a cool idea to have portsentry running and when it detected a connection to some port like 110, 1, or 31337, it would alert me and drop an ipchains rule in place
If your web server is responding to ports other than 80, then it is badly configured. Fix it so that it only responds to port 80 (and whatever you use to publish) and you won't have to care about people portscanning it. I'd look to techniques such as CGI Wrap or chroot() to protect your web server. My company also has some technologies to address these problems, which I won't hype here for fear of tooting my own horn too much. Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 20)
- Re: ipchains FW, monitoring for scans, & how to react to them R. DuFresne (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them R. DuFresne (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Crispin Cowan (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Crispin Cowan (Dec 21)
- Re: ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 21)
- war dialers, are they a current threat? R. DuFresne (Dec 22)
- Re: war dialers, are they a current threat? S. Jonah Pressman (Dec 24)
- RE: war dialers, are they a current threat? Joseph Judge (Dec 26)
- Re: war dialers, are they a current threat? Dorian Moore (Dec 28)
- Re: ipchains FW, monitoring for scans, & how to react to them Danny Rathjens (Dec 21)
- Message not available
- Re: war dialers, are they a current threat? Eric Budke (Dec 24)
- Re: ipchains FW, monitoring for scans, & how to react to them R. DuFresne (Dec 21)
- <Possible follow-ups>
- Re: ipchains FW, monitoring for scans, & how to react to them Thom Dyson (Dec 21)