On Tue, 2008-04-08 at 23:58 -0400, Jim Anderson wrote:
> Hello all,
> I'm running K12LTSP v.5 in a computer lab that includes 2 Windows
> clients hanging off the internal network. We've received notice from
> the ISP that suspicious activity is occurring from the server's
> outside IP address on three different ports. How can I block those
> ports (I think the problem could be originating from the Windows 2000
1. Removing the NIC from the Windows machines will stop the problem.
(isn't w2k EOL'ed now? No more security fixes?)
2. At the Linux gateway, block all access to the inside facing NIC for
the windows machines using any port but 80 and 443 (so they can surf the
web but nothing else). Set the iptables to allow established,related but
bit-bucket all other connections from the windoze machines.
3. Since the winders machines are passing traffic _through_ the Linux
system using NAT, add a rule that allows SNAT from machines for specific port
connections only and bit-bucket the rest.
I personally think #1 is the easiest followed by #2.
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> K12OSN mailing list
> For more info see <http://www.k12os.org>
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
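
Options 2 and 3 from the reply above, sketched as an added example that is not part of the original message. The client addresses, interface names and outside IP are constructed placeholders, and the sketch assumes the Windows clients are restricted on the FORWARD chain while DNS/DHCP are served by the gateway itself. The function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: limit the Windows clients to outbound web traffic only.
# Every address and interface name here is a constructed placeholder.
WIN_CLIENTS="192.168.0.201 192.168.0.202"  # assumed Windows 2000 client IPs
LAN_IF="eth0"                              # assumed inside-facing NIC
WAN_IF="eth1"                              # assumed outside-facing NIC
WAN_IP="203.0.113.10"                      # placeholder for the outside IP
ALLOWED_TCP="80,443"                       # web only, per option 2

# Print the rule set. Review it, then apply as root with: gen_rules | sh
gen_rules() {
    # Dedicated chain so the policy for these hosts lives in one place.
    echo "iptables -N WINCLIENTS"
    # Replies belonging to connections already allowed.
    echo "iptables -A WINCLIENTS -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections to ports 80 and 443 only.
    echo "iptables -A WINCLIENTS -p tcp -m multiport --dports $ALLOWED_TCP -m state --state NEW -j ACCEPT"
    # Rate-limited log of everything else: shows which ports the clients
    # are trying to reach, to compare against the ISP's report.
    echo "iptables -A WINCLIENTS -m limit --limit 6/min -j LOG --log-prefix 'WINCLIENT-DROP: '"
    # Bit-bucket the rest.
    echo "iptables -A WINCLIENTS -j DROP"

    for client_ip in $WIN_CLIENTS; do
        # Option 2: forwarded traffic from each client goes through the chain.
        echo "iptables -I FORWARD 1 -i $LAN_IF -s $client_ip -j WINCLIENTS"
        # Option 3: SNAT only the allowed ports; inserted first so it is
        # matched before any broader SNAT/MASQUERADE rule for the LAN.
        echo "iptables -t nat -I POSTROUTING 1 -o $WAN_IF -s $client_ip -p tcp -m multiport --dports $ALLOWED_TCP -j SNAT --to-source $WAN_IP"
    done
}

gen_rules
```

The `WINCLIENT-DROP:` log lines land in the kernel log on the gateway, which gives a record of the blocked destination ports per client.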