> -----Original Message----- > From: Circle Discussion List [mailto:CIRCLE@post.queensu.ca]On Behalf Of > Treker > > Well, you as the network admin should have disabled remote > registry, gotten > the 128 bit encryption update, installed it, used SYSKEY, and then headed > over to NTBUGTRAQ. But that's another story =P I'm also an > network admin, > although a young one, but that's the first thing I do on a new NT > workstation/server--secure it as best I can. > Exactly what kind of things I was doing. I took over and wrote up a security evaluation for the owner then put fixes in place. But that's another topic... > > Actually, Windows 2000 seems _somewhat_ secure when set up properly. My > > solution was to put the MUD on a 192.168. address and have a port > > forwarding > > firewall that ONLY allows port 4000 to get to that machine. You > > connect to > > the firewall on port 4000 and it transparently forwards the > connection to > > the MUD machine on port 4000. I use Linux kernel 4.2 with IPTables (not > > IPChains) to do this and it works beutifully. I can also set up rules > > at the firewall to allow or block based on subnets and many > other criteria > > to help keep DOS attacks from even reaching the MUD server. > > Would it not be simpler to disallow connections on all ports through a > certain adapter except for port 4000? Or to do it at the router? > But the firewall's already there... why not make it work for me, eh? LOL Besides, you might still fall prey to fragmented packets, etc, if the firewall is on the same box as the game. With this, the firewall has to specifically forward the packet. Besides, I trust no machine running an OS from Microsloth. +------------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html | +------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 04/11/01 PDT