which packets should i allow going out?

which packets should i allow going out?

[louie miranda]

I have deny everything incoming on my host, but what packets should i allow
going out? Which command? currently i allowed the ip's and services and deny
all ports on outside, but i cannot go out i mean ping can't for example.

Which packets should i allow going out, ex ping. And what command?
Is it for forwarding or output?



--
thanks,
louie miranda

How to stop SPAM from Internal users

[hare ram]

Hi all

I have One Public IP assigned to eth0
i have Private network 192.168.1.0/24 connected to eth1

how can stop, some one spamming from internal IP
i get from lot queries from other host saying that
my Public IP is spamming .....

1 ) how do i stop them spaming or relaying mails from internal PC
2) how to stop scanning from internal ip to any external IP
3) how do i kick the user who is infected with the virus and block them and
notify to admin

thanks
hare

Re: How to stop SPAM from Internal users

[Rasmus Bøg Hansen]

On Mon, 24 Feb 2003, hare ram wrote:

> I have One Public IP assigned to eth0
> i have Private network 192.168.1.0/24 connected to eth1
>
> how can stop, some one spamming from internal IP
> i get from lot queries from other host saying that
> my Public IP is spamming .....
>
> 1 ) how do i stop them spaming or relaying mails from internal PC

Setup a local SMTP server. Block port 25 from any host except the mail
server. Thus your local users will need to use your local server.

> 2) how to stop scanning from internal ip to any external IP

You can't unless you want to block internet access entirely. You can
however limit the speed with the 'limit' module - effectively making
scanning impossible.

> 3) how do i kick the user who is infected with the virus and block them and
> notify to admin

You have to know what IP, they're on and then block all traffic from
that host - and make sure they do not change IP.

/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
"Nothing would please me more than being able to hire ten programmers
and deluge the hobby market with good software."
                                                   -- Bill Gates 1976
We are still waiting ....
----------------------------------[ moffe at amagerkollegiet dot dk ] --

Re: How to stop SPAM from Internal users

[Willem Oldeman]

On Monday 24 February 2003 08:14, hare ram wrote:
> Hi all
>
> I have One Public IP assigned to eth0
> i have Private network 192.168.1.0/24 connected to eth1
>
> how can stop, some one spamming from internal IP
> i get from lot queries from other host saying that
> my Public IP is spamming .....
>
> 1 ) how do i stop them spaming or relaying mails from internal PC
> 2) how to stop scanning from internal ip to any external IP
> 3) how do i kick the user who is infected with the virus and block them and
> notify to admin
>
> thanks
> hare

You can start out logging forwarding port 25, the host that connects to many 
different mailhosts is the one causing the spam.
(BTW, don't you have a mailserver running yourself? If so, check it's logs.)

When you find the offending host, you should cut it off from your network (by 
blocking it's MAC address). No warnings, no excuses.
Spamming is IMO one of the worst breaches of the nettiquette.

HTH,
Willem