|reply to betatester |
Re: Come on
Get a real Firewall »www.astaro.com.
TCP Port 1025
Microsoft Remote Procedure Call (RPC) service.
Currently inbound scans are likely RPC and LSA exploit attempts against the Windows, which by default should be blocked by your firewall. Ensure that your systems have the latest patches installed from Microsoft.
Outbound scans if occurring in volume should be considered an indication of a possible worm infection on the source computer and should be investigated.
I agree with your take on Astaro - I ended up getting 2 licenses for v5 with the integrated Snort intrusion detection, and ran v3 and v4 for quite sime time - works great - IPSEC VPN connections to my friends houses - masq to the internet - great portscan detection, and a very easy to use web frontend - all you need is a host with 2 nics - only allow admin on the internal nic, and whether you know unix or not, you off and flying - and if you do know unix, Astaro is a completely firewall tuned Linux distro, and if you don't care about support, you can make it do all kinds of things
I also like the accounting - how much do I transfer, and over what ports? The Packet Filter Live Log allows you too see blocked packets, and gives you the ability to turn on logging on the allowed ports so the Live Log shows you the accepted packets too.
Just had to put in my 2 cents - I have used IPChains/IPTables on Linux hosts for quite some time, but Astaro packages it very well, allows for Proxy services in chroot environments for security (squid, Socks 4/5, exim SMTP proxy, BIND proxy, ident if you so wish) You can use all or none - its up to you - really sweet package, and they have great deals for Home Users - free if you don't want the Virus or URL Content filtering up to 10 hosts behind it.
Hehe - sorry for the rambling, but its so nice I have 2 for 2 different connections, and some simple routing tricks, and I can route through either firewall Love it