On Sat, 2011-07-16 at 23:43 +0100, Keith Roberts wrote:
> Data Driven Attacks Using HTTP Tunneling
>
> "... HTTP Tunneling Example
>
> http://www.symantec.com/connect/articles/data-driven-attacks-using-http-tunneling
>
> Sounds a bit scary to me, as any website needs to have port
> 80 open to allow access to that website.

Do not forget that Symantec is a commercial entity trying to make money (perhaps by scaring people?).

If you have a public web site, then your IPtables should let in traffic on ONLY the allocated IP address and port(s) defined in your Apache configuration file.

Do not allow access from a range of IP addresses; allocate one IP address for your web site and enforce that both in IPtables and in the Apache configuration. Ditto port(s). If you are only using port 80, ensure all other ports are OFF or not allocated (Listen) in Apache. Allow-in via IPtables one IP address and port 80.

If using SSH, FTP, phpmyadmin etc. etc. then DO NOT use the standard ports. Allocate a different IP address (if you have several) and use a non-web IP address for SSH and a different non-web IP address for phpmyadmin etc. WITH non-standard ports (you can go as high as about 64000). Also consider ONLY allowing access from predefined static IP addresses (under your control).

Do not make it easy for the hackers. Give them a difficult time.

--
With best regards,

Paul.
England, EU.
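
Added example, not part of the original message: a small Python check of the advice above, confirming that Apache's Listen directives and the iptables INPUT rules both name one IP address and one port. The configuration text, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the original post); 192.0.2.10 is an
# RFC 5737 documentation address standing in for the web site's one IP.
HTTPD_CONF = """\
Listen 192.0.2.10:80
Listen 8080
"""
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def apache_listeners(conf):
    """Return {(ip or None, port)} from Apache 'Listen [ip:]port' lines."""
    found = re.finditer(r"^\s*Listen\s+(?:(\S+):)?(\d+)\b", conf, re.M | re.I)
    return {(m.group(1), int(m.group(2))) for m in found}

def iptables_accepts(rules):
    """Return {(dest ip or None, port)} for INPUT ACCEPT rules with --dport."""
    out = set()
    for line in rules.splitlines():
        port = re.search(r"--dport (\d+)\b", line)
        if not (line.startswith("-A INPUT") and line.endswith("-j ACCEPT") and port):
            continue
        dest = re.search(r" -d (\S+?)(?:/32)?(?:\s|$)", line)
        out.add((dest.group(1) if dest else None, int(port.group(1))))
    return out

def audit(conf, rules):
    """Report where Apache or iptables is wider than one IP and one port."""
    listen, allow = apache_listeners(conf), iptables_accepts(rules)
    findings = []
    for ip, port in sorted(listen, key=str):
        if ip is None:
            findings.append(f"Listen {port} binds every address")
        elif (ip, port) not in allow:
            findings.append(f"Listen {ip}:{port} has no pinned ACCEPT rule")
    for ip, port in sorted(allow, key=str):
        if ip is None:
            findings.append(f"ACCEPT tcp/{port} has no -d destination address")
    return findings

if __name__ == "__main__":
    for finding in audit(HTTPD_CONF, IPTABLES_SAVE):
        print(finding)
```

The check covers destination address and port only; restricting SSH and similar services to predefined source addresses would need a further test on each rule's `-s` match.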