Yes.
by
robo_dev
·
about 16 years, 2 months ago
In reply to ingress rules
There’s no harm in posting the connection parameters and so forth, but your ingress rules tell me that there is a host at port xxx and address xxx behind your firewall.
The first step of hacking any system is to do port scan and ping scan for hosts and ports. Having this for your site in a text file would save a hacker about 30-45 minutes of work, plus you’ve got some usernames in there, which would be likely to be userids on the host.
Once somebody knows there’s a host there and what port it’s listening at, then from there it’s on to OS fingerprinting, determining known vulns for that OS, crafting/deploying an exploit, and hacking into the system.
And don’t forget that much of this work is done totally automatically by ‘bots on the internet. So even if your server is completely hardened, patched, and secured, you may get tons of unwanted traffic attempting to hack the device.
I don’t mean to sound alarmist, but seriously, you’re exposing waay too much info.
With respect to the original problem, my guess is that somehow the WAN connection is timing out? Such as if it were a DSL line that were configured to connect on-demand.
Alternately, some sort of routing error such as multiple default gateways, a rogue DHCP server and so forth. To figure this problem out, you need to have a sniffer connected to the network at the time when the fault is happening to observer what’s going on.
Cheers