On Sat, 1 Jun 2002, Wayne Johnson wrote:

> Hmmm. I just set up a system, tell it to reject packets for all ports
> I'm not using, especially telnet, ftp, and the other usual suspects.
> Guess I've never heard of gShield. Am I being naive? Should I be
> looking into a bit more protection?

The best protection money can buy is to disconnect the network cable. Short of that, it is just playing a game of how much you can/will compromise...

For me, I start with dropping all packets. It makes the firewall more "stealthy" and it causes an nmap scan to take a long time because it has to wait for the connections to time out, but it violates RFCs... Then I open the ports for the services that I need: SSH, IMAPS, HTTP, HTTPS, DNS and so forth.

It is highly recommended that you section off your network into separate parts with strict ACLs, but that is just too much of a headache for my small network.

Next, install portsentry and have it drop all connections from the bastard who tried to scan you... That is just for the network. Internally you should set up some shit like tripwire and make sure you update your packages regularly.

-munir
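The default-drop policy munir describes (drop everything, then open only the services you run) looks like this as an iptables script. This is an added example, not code from the thread: the interface name in WAN_IF and the choice to print the rules unless APPLY=1 is set are assumptions of the example, and the service list is constructed from the ports named in the post (SSH, IMAPS, HTTP, HTTPS, DNS).

```shell
#!/bin/sh
# Added example of a default-drop inbound policy that opens only named services.
# Not the poster's script. WAN_IF is an assumed interface name; the service
# list below is constructed from the services named in the post.
WAN_IF="${WAN_IF:-eth0}"
# Services to expose, as name:proto:port (constructed list).
SERVICES="ssh:tcp:22 imaps:tcp:993 http:tcp:80 https:tcp:443 dns:udp:53 dns:tcp:53"

# Print each iptables command so the policy can be reviewed first;
# run with APPLY=1 (as root) to execute the rules instead.
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

fw_rules() {
    rule -F
    rule -X
    # Default policy: DROP (silently discard) rather than REJECT. As the post
    # notes, this slows scanners down, at the cost of not answering per RFC.
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    # Loopback and replies to connections we initiated are always allowed.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Discard packets that belong to no known connection before service rules.
    rule -A INPUT -m state --state INVALID -j DROP
    # One ACCEPT per exposed service; everything else falls to the DROP policy.
    for svc in $SERVICES; do
        rest=${svc#*:}
        proto=${rest%%:*}
        port=${rest#*:}
        rule -A INPUT -i "$WAN_IF" -p "$proto" --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Rate-limited log of what the policy drops, so it can be audited.
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# Number of service ports the generated ruleset opens on the WAN interface.
count_open_ports() {
    fw_rules | grep -c -- "-i $WAN_IF .*-j ACCEPT"
}

fw_rules
```

Run it once without APPLY to read the generated rules, check that `count_open_ports` matches the number of services you intended to expose, and only then run it with APPLY=1. Anything not listed in SERVICES is covered by the INPUT DROP policy, which is the behaviour the post recommends.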