ssh connecting to wrong machine....
George Georgalis
georgw@galis.org
Mon, 3 Jun 2002 16:57:37 -0400
On Mon, Jun 03, 2002 at 07:13:17AM -0500, Matthew Hellman wrote:
>
>Looks good. The only other thing I'd do is change your default OUTPUT
>policy to DROP and add this:
>iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
>There was a recent bug in the iptables code that had some security
>implications (information disclosure), but I don't recall the details at the
>moment. The suggestion was to drop INVALID output, which this does.
I think I heard about that, disclosing LAN IPs? I didn't really pay
attention at the time. Thanks, it's fixed now.
// George
--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:george@galis.org
File, Print, DB and DNS Servers. http://www.galis.org/george