-=> On 02-27-22 22:25, Nightfox wrote to Vk3jed <=-
Ni> You have all your ports exposed publicly to the internet? Or perhaps
Ni> there's an alternative to NAT that I'm not aware of..? I thought pretty
Ni> much everyone with internet at home would be using a router, and I
Ni> thought NAT a standard feature of a router for some level of
Ni> protection.
NAT != security. You've fallen for the big myth that NAT is somehow more
secure. All it does is screw up some protocols (FTP anyone?), and puts
arbitrary limits on incoming traffic (2 BBSs on the same port, NO WAY!).
NAT is an ugly hack to help with IPv4 shortages.
First defence is only have the services (daemons) you need running and
listening only on the IP/port combinations you want. If further limiting of
access is needed, then there's this wonderful thing called a firewall. ;)
iptables on Linux does an excellent job, and even Windows Firewall doesn't do a
bad job, if properly configured.
... You were sent here as a warning to others, weren't you?
--- MultiMail/Win v0.52
■ Synchronet ■ Freeway BBS, Bendigo Australia. freeway.apana.org.au
|
