[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: ssh keyscanning!?
From:       "Karl E. Jorgensen" <karl () jorgensen ! com>
Date:       2002-03-21 12:32:51
[Download RAW message or body]

On Thu, Mar 21, 2002 at 01:00:51PM +0100, Daniel Kobras wrote:
> On Thu, Mar 21, 2002 at 10:31:02AM +0000, Karl E. Jorgensen wrote:
> > The firewalling I have in place only allows incoming connections for
> > ssh. UDP is locked down so only DNS works there. And by mistake (fixed now), 
> > it also allowed incoming DHCP requests from the internet.
> 
> Careful here.  The first DHCP request from a freshly booted machine
> doesn't carry a local IP address (but either 0.0.0.0 or random crap).
> So make sure you don't filter by IP address, but by interface at most.

Yep. My mistake was just to filter by protocol + port number, and
ignoring the interface.

By now I have found that I only have dhcpd listening on eth0 (my
internal network).  Which means that dhcpd was completely irrelevant
here. Sorry about the wild goosechase.

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
* JHM wonders what Joey did to earn "I'd just like to say, for the record,
  that Joey rules."
	-- Seen on #Debian

[Attachment #3 (application/pgp-signature)]
-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


[prev in list] [next in list] [prev in thread] [next in thread]