echo: aust_avtech
to: All
from: Rod Gasson
date: 2004-06-07 16:49:50
subject: Re: Locking Windows

From: "Rod Gasson" 


"Bob Lawrence" wrote in message news:1085902244{at}p12.f610.n712.z3.ftn...

> RG> Yeah, that really must've been a few years ago. These days it
> RG> isn't unusual to expect thousands of 'attacks' per day - at
> RG> least that is what is being dropped by our firewall every day.
> RG> consistently.
>
>  Jesus! Where do they originate?

All over the planet.

> And how do so many get your address anyway?

Partly because we have a permanent IP address, but mostly it's just random
scanning.

Oh, also, the main part of our business these days is offering webhosting
services, so needless to say, our domain name(s) and other contact
information is readily available from many different sources.

One of our IP addresses is actually on a dynamic link, and even that one
starts to get 'probed' within MINUTES of us being connected.

It really is a jungle out there.

> RG> It isn't hard to set up a maintenance free firewall. It isn't
> RG> as though you need to update them whenever a new exploit is
> RG> found, because the firewall should be dropping any incoming
> RG> accesses that aren't specifically allowed anyway.
>
>  My worry is that someone will penetrate.

But if all unused ports are blocked the only means of penetration is via the
allowed ports (web, ftp, email, etc) and needless to say we have ADDITIONAL
protection mechanisms in place at the server level to help prevent these
being exploited.

> David tells me he runs a hardware firewall.

Hmm, a hardware firewall will be fucking hard to configure.  I'll wager that
software is involved, just like our own firewall, which as I've mentioned is
nothing more than an old 486 running a linux kernel with packet filtering
and an SSH server to allow configuration/administration.  It has no hard
drive, it boots from a write protected floppy, and runs entirely in RAM.

> > I have learned, that no matter how smart you are (or think you
> > are) there is always someone a dollar ahead and a day early.

True, but that doesn't mean that I/we need to be the last in the pack. All
we gotta do is stay one step ahead of most.

> fact, I'd like to know why Telstra and the rest can't do what the BBS
> sysops used to do, and filter the unwanted shit. How hard could it be
> to dump whoever launched the last spam attack?

There are many answers to this one.
Firstly, as an Internet hosting business I don't want our uplink (Telstra)
filtering ANY of the emails destined to ANY of the clients we host.  We
are quite capable of doing this ourselves thank you.

Secondly,  Telstra, etc ultimately base their prices on how much data is
sent across their network, more spam = more traffic = more profit.

Thirdly, very little spam actually originates from the Telstra servers (or
their customers). The bulk of the spam originates overseas.

Fourthly,  while one ISP may consider Email promoting Viagra as being spam,
some people consider it to be 'ham', so trying to block 'spam' at such a
high level is going to alienate and/or inconvenience a lot of people.  Spam
blocking is (or should be) a PERSONAL decision.

> > I plan to set up two machines: the Linux gateway that runs 24/7
> > but with *no* product on it.

That's what we have..   The only 'product' being the SSH server for admin
purposes.
This machine doesn't even have a monitor or keyboard connected to it.
The SSH server can only be accessed via our own machines (actually, only MY
machine).

> RG> If you're at all interested, we settled on using a Linux distro
> RG> called 'Coyote' for our firewall needs. It boots from floppy,
> RG> runs from RAM. No HD needed, and it is using a very old 486
> RG> machine with only 8mB ram.
>
>  I know about that idea... allowing for the fact that I know nothing
> about Linux and firewalls,

This much is obvious.

> have a very low intelligence, a shaky grip
> on electronics,

I know better than to accept this.  As much as I like to 'argue' with you I
certainly DON'T consider you to be of low intelligence.

> > If I must run an executable, then I'll do it on the Linux
> > machine.
>
> RG> How do you propose to run Windoze executables on a Linux
> RG> machine?
>
>  The way I do now...

Which is?   Wine?  Bochs?

The only reason I keep a windoze machine running is because we do
our quarterly BAS returns online, and the ATO hasn't made a linux version of
this software available. I'd REALLY like to know how I can run this s/ware
on a linux box so I can say goodbye to windoze forever.

> RG> How many Linux executables do you know of that are actually
> RG> viruses?
>
>  Can I call a friend?

Are you planning to hold a seance or something?

Cheers
Rod


--- ifmail v.2.15
* Origin: VideoCam Services WEB (http://vcsweb.com/) (3:800/221{at}fidonet)
SEEN-BY: 633/104 260 262 267 270 285 640/296 305 384 531 954 690/734 712/848
SEEN-BY: 774/605 800/221 445
@PATH: 800/221 640/954 633/260 267

SOURCE: echomail via fidonet.ozzmosis.com
