Complete.Org: Mailing Lists: Archives: discussion: August 2002:
[aclug-L] Re: Shutting down linux from X
Home

[aclug-L] Re: Shutting down linux from X

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: Shutting down linux from X
From: Jeff Vian <jvian10@xxxxxxxxxxx>
Date: Tue, 06 Aug 2002 08:49:50 -0500
Reply-to: discussion@xxxxxxxxx



jlweaver wrote:
> How much is an extra connection?  Is the line special in any way?


I strongly discourage extra connections unless you really want to go to 
the trouble of configuring and managing a firewall on EACH machine that 
is directly connected to the internet.

A single connection point with a firewall is easier to protect from 
hackers and viruses since only one point of management is required. 
Another advantage to using a firewall and single point of connection is 
your internal (private) network is truly private. No one from the 
internet side of the firewall can even see the machines on the internal 
network, but if the firewall is configured correctly the machines on the 
internal network have a direct connection outbound.

My gateway/firewall machine constantly gets scans on port 137 (netbios) 
looking for open shares, port 80 (httpd), and ports 111 (portmapper), 67 
, 68 (both bootp), etc. These are all normal services ports, but the 
logs show the scans to port 80 are over 90% from the Code Red virus 
trying to reach a machine with IIS enabled and the security patches not 
in place. I do not run anything that is not current, and absolutely 
necessary, but there is still a risk in being even attached to the internet.

The line (cable modem) is not special for multiple IP setup. You have to 
attach the modem to a hub/switch and then each machine attached to the 
hub gets an internet IP from the ISP.  Each machine is directly 
connected to the internet and thus subject to all the same attacks as a 
single point would be. Management points are multiplied by the number of 
machines you have, and chances of errors or failures of protection go up 
exponentially.


> 
> Jeff Vian wrote:
> 
> 
>>Koji Hayakawa wrote:
>>
>>>Is it advisable to shutdown X and Linux from xterm/shell prompt?  For now,
>>>I've set up a box to boot directly into gdm, then onto WindowMaker.
>>>WindowMaker doesn't have computer shutdown or reboot menu by default.  In
>>>order to rely on menu, I need to log out and use gdm's shutdown or reboot
>>>menu.  Being this PC is running on 133MHz, gdm isn't the fastest component
>>>to be loaded just for shutdown.  Is it okay to issue /sbin/init 0(6) from
>>>xterm?  Is there any other way?  Whatever the case is, I just want to add
>>>another WM menu that does the PC shutdown.
>>
>>It is perfectly acceptable to shutdown that way.
>>
>>I use "shutdown -h|r now" on a regular basis since I find it faster than
>>the menu and I often have an xterm open as root.
>>
>>
>>>By the way, since when did cox start charging extra for multi-computer
>>>connection to their service?!?
>>>
>>
>>Cox has always charged more for multi-computer connections than for one.
>>
>>I get past that by using a single pc connected to the cable, and that pc
>>acts as firewall/router and does ipmasquerading for the rest of my
>>network. A similar function can be gotten by using one of the
>>cable-modem router/firewall boxes that are available for reasonable
>>price. Just be certain that whatever you choose  has good firewalling
>>ability and configure it for that. The price of the box is saved over a
>>years time very easily by the reduced rate of the connection.

-- 
Jeff Vian
jvian10@xxxxxxxxxxx

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]