Re: how to interpret this iptables log. My computer compromised?
From: Pete Houston (ph1_at_zapthisbit.openstrike.co.uk)
Date: 08/05/03
- Previous message: John SMith: "Re: Sun Ultra 5, Debian adn SNORT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 05 Aug 2003 09:33:12 GMT
In article <csWUa.299$Cx4.109497@news20.bellglobal.com>, H. S. wrote:
> Jeremia d. wrote:
> In the last hour or so, I was experimenting with some iptables scripts
> and in the process I stopped iptables a few times (3 or 4) for a few
> seconds, only long enough to let the next script run. Then I saved those
> new rules with '/sbin/iptables -save'.
>
> Is this dangerous? Leaving my computer open only for a few seconds (3~10
> sec)?
In a word, yes. Of course, the longer you are "open" the more dangerous
it is, but there is no need to be "open" at all. Simply take the
relevant interface down, and make all your iptables mods while it is
off-line. Only when you are sure that you are secure again, bring the
interface back up. Hopefully you will see in your boot sequence that the
iptables rules are processed before the interfaces are brought up, and
this is the reason for that.
Pete
-- Openstrike - improving business through open source http://www.openstrike.co.uk/
- Previous message: John SMith: "Re: Sun Ultra 5, Debian adn SNORT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
