outgoing port block on fedorapeople.org

seth vidal skvidal at fedoraproject.org
Tue Aug 3 19:12:25 UTC 2010


On Tue, 2010-08-03 at 13:10 -0600, Stephen John Smoogen wrote:
> On Mon, Aug 2, 2010 at 13:28, seth vidal <skvidal at fedoraproject.org> wrote:
> > Hi,
> > Mike noticed that someone had set up an IRC bot running on
> > fedorapeople.org talking to an IRC channel that was not remotely Fedora
> > related. Even if it had been Fedora-related it's still not something we
> > want running on fedorapeople.org. I put in an outgoing port reject to
> > things bound to 6667. I'll work on a slightly better option soon but I
> > wanted to let everyone know about this and ask if there were any other
> > suggestions on how to best block this sort of thing.
> >
> > Thanks,
> > -sv
> 
> Coming from a different background but dealing with summer students we
> usually put our people systems on a limited outbound network. We knew
> that 80,443,22,53 were going to happen so we allowed those through a
> proxy and everything else got logged and checked daily. Way overkill
> probably but the wonders of iptables tables allows for all kinds of
> local magic :). [Or a good SELinux policy].
> 
> Personally I was thinking policy wise we MOTD that this server is not
> meant for running services or daemons off of and the definition of
> such things is up to the administrators and not the users :).

I like the idea of changing the MOTD, too.

-sv
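
The limited-outbound approach discussed in this thread, as an added example that is not part of the original messages: a shell function that prints an iptables-restore ruleset allowing only listed egress ports and logging the rest with the owning UID, plus a daily summary of the denied attempts. The function names, the `egress-denied: ` log prefix, direct (non-proxied) access to the allowed ports and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Log prefix and sample lines are constructed.

# Print an iptables-restore ruleset: allow the listed destination ports,
# log and reject all other egress. Nothing is loaded; review before applying.
emit_egress_rules() {
    tcp_ports=$1; udp_ports=$2            # space-separated port lists
    for p in $tcp_ports $udp_ports; do    # refuse anything that is not a port
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Loopback and replies on already-accepted flows (inbound ssh) always pass.
    printf '%s\n' '*filter' ':OUTPUT ACCEPT [0:0]' '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $tcp_ports; do printf '%s\n' "-A OUTPUT -p tcp --dport $p -j ACCEPT"; done
    for p in $udp_ports; do printf '%s\n' "-A OUTPUT -p udp --dport $p -j ACCEPT"; done
    # --log-uid records which local account opened the socket. The rate limit
    # protects syslog, so logged counts are a lower bound on attempts.
    printf '%s\n' \
        '-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "egress-denied: " --log-uid' \
        '-A OUTPUT -p tcp -j REJECT --reject-with tcp-reset' \
        '-A OUTPUT -j REJECT --reject-with icmp-port-unreachable' 'COMMIT'
}

# Daily check: count denied attempts per "uid proto dport" from kernel log
# lines on stdin, busiest first.
summarize_denied() {
    awk '/egress-denied: / {
        uid = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/)   uid = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        n[uid " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Demo: the ports named in the thread, then two constructed log lines.
emit_egress_rules "22 80 443 53" "53"
printf '%s\n' \
    'kernel: egress-denied: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=6667 UID=1001 GID=1001' \
    'kernel: egress-denied: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=6667 UID=1001 GID=1001' \
    | summarize_denied
```

The printed ruleset can be checked for syntax with `iptables-restore --test` before it is loaded.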