[K12OSN] port blocking
James P. Kinney III
jkinney at localnetsolutions.com
Fri Apr 11 04:23:15 UTC 2008
On Thu, 2008-04-10 at 08:57 +0200, Nils Breunese wrote:
> James P. Kinney III wrote:
>
> > On Tue, 2008-04-08 at 23:58 -0400, Jim Anderson wrote:
> >
> >> I'm running K12LTSP v.5 in a computer lab that includes 2 Windows
> >> clients hanging off the internal network. We've received notice from
> >> the ISP that suspicious activity is occurring from the server's
> >> outside IP address on three different ports. How can I block those
> >> ports (I think the problem could be originating from the Windows 2000
> >> machines).
> >
> > 1. Remove the NIC from the windows machines will stop the problem.
> > (isn't w2k EOL'ed now? No more security fixes?)
>
> K12LTSP5 has reached EOL as well.
True. But it at least _started_ from a sound security footing :)
Actually, as long as a K12LTSP5 server does NOT have a directly
connected outward facing NIC, it is possible to use it's built in
firewall (iptables) to create a very secure system. The security risk is
from the client facing side anyway. The only real danger is user
elevation to root security holes. There is no reason to run other
outward facing services on a K12LTSP server other than ssh.
>
> Nils Breunese.
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
--
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
770-493-8244
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the K12OSN
mailing list