Re: request for help - [mha@suse.de: Re: ftpdata-2.2.12-patch]

James Simmons (jsimmons@edgeglobal.com)
Tue, 21 Dec 1999 09:04:17 -0500 (EST)


> > and wanted to use it to disable incoming TCP connections on ports >1024
> > except FTP passive ones. However the patch is not suited for that purpose
> > (it is for active connections going through firewall), but as Michael
> > wrote below it could be adapted.
> >
> > P.S. I know that in wu-ftpd there is a feature to restrict the port range,
> > but I run a different ftp server.
>
> So fix your ftp server. You don't need to go hacking on the kernel for this.
> Passive port ranges are an old old trick.

Yes. Please don't play with the kernel. There are a lot of nice programs
out there for this. Xinetd, tcpwrappers etc. If you really want to make
your site secure I recommend the new book out "Maximum Linux Security: A
Hacker's Guide to Protecting Your Linux Server and Workstation" by
SAM. It's a really good book.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/