[CentOS] Security advice, please

Anne Wilson cannewilson at googlemail.com
Tue Dec 23 13:06:01 UTC 2008


My LAN is behind a Netgear router, which does NAT.  On the CentOS server I 
have fail2ban running.  This morning my router reported 3 different IPs 
attempting to send UDP packets to port 38950.  Since each address is only seen 
4-5 times, I presume that fail2ban took over after that.

GRC reports that ports are stealthed (port 143 was open, but is now closed), 
but then:

Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security 
countermeasures unwisely attempted to probe us in response to our probes. 
While some users believe that "tracking down" the source of Internet probes is 
useful, experience indicates that there is little to gain and potentially much 
to lose. The wisest course of action is to simulate nonexistence — which your 
system has failed to do. Your counter-probes immediately reveal your system's 
presence and location on the Internet.

So, two questions really.  First, what should I be looking for on the router, 
to turn off this 'tracking down' activity?  

Then, I want to read from my own IMAP server when I'm away from home.  Is 
there a better way than opening port 143?

Anne