[CentOS] Security advice, please
cannewilson at googlemail.com
Tue Dec 23 13:06:01 UTC 2008
My LAN is behind a Netgear router, which does NAT. On the CentOS server I
have fail2ban running. This morning my router reported 3 different IPs
attempting to send UDP packets to port 38950. Since each address is only seen
4-5 times, I presume that fail2ban took over after that.
GRC reports that ports are stealthed (port 143 was open, but is now closed),
Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security
countermeasures unwisely attempted to probe us in response to our probes.
While some users believe that "tracking down" the source of Internet probes is
useful, experience indicates that there is little to gain and potentially much
to lose. The wisest course of action is to simulate nonexistence — which your
system has failed to do. Your counter-probes immediately reveal your system's
presence and location on the Internet.
So, two questions really. First, what should I be looking for on the router,
to turn off this 'tracking down' activity?
Then, I want to read from my own IMAP server when I'm away from home. Is
there a better way than opening port 143?