* Securing my box
From: 1stFlight @ 2002-11-15 11:19 UTC (permalink / raw)
To: linux newbie
I recently had a friend port scan me as a test of my ip_tables based firewall.
And, like I wanted, he discovered there were no ports open. However if I do a
"netstat -a | grep LISTEN" I see

tcp        0      0 localhost.localdom:1024 *:*                     LISTEN
tcp        0      0 *:printer               *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN

What's going on here? Did I mess up my config? Thanks!
Darryl
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* Re: Securing my box
From: Szekely-Benczedi Endre @ 2002-11-15 12:07 UTC (permalink / raw)
To: linux-newbie; +Cc: 1stflight
As far as I know this is the way it should be, I mean
you closed the access from outside; but not from your server.
So someone from outside cannot connect to them, but you, from
a shell on the server, can, of course...
Or did I misunderstand the question?
Greetz,
Bencze.
On Fri, 15 Nov 2002, 1stFlight wrote:
> I recently had a friend port scan me as a test of my ip_tables based firewall.
> And, like I wanted, he discovered there were no ports open. However if I do a
> "netstat -a | grep LISTEN" I see
>
> tcp 0 0 localhost.localdom:1024 *:* LISTEN
> tcp 0 0 *:printer *:* LISTEN
> tcp 0 0 *:sunrpc *:* LISTEN
> tcp 0 0 *:x11 *:* LISTEN
> tcp 0 0 *:ssh *:* LISTEN
>
>
> What's going on here? Did I mess up my config? Thanks!
>
> Darryl
* Re: Securing my box
From: Ray Olszewski @ 2002-11-15 17:45 UTC (permalink / raw)
To: linux newbie
At 06:19 AM 11/15/02 -0500, 1stFlight wrote:
>I recently had a friend port scan me as a test of my ip_tables based firewall.
>And, like I wanted, he discovered there were no ports open. However if I do a
>"netstat -a | grep LISTEN" I see
>
>tcp 0 0 localhost.localdom:1024 *:* LISTEN
>tcp 0 0 *:printer *:* LISTEN
>tcp 0 0 *:sunrpc *:* LISTEN
>tcp 0 0 *:x11 *:* LISTEN
>tcp 0 0 *:ssh *:* LISTEN
>
>
>What's going on here? Did I mess up my config? Thanks!
What's "going on here" is that you have applications on the host that are
listening on those ports for incoming traffic. Offhand I can't say for sure
what, but probably you are running lpd, sshd, the portmapper (say for NFS
mounts) and XFree86 (I don't even have a guess for the 1024 entry).
From what your friend found in his portscan, you have firewalling software
running somewhere between him and you that blocks his access to these same
ports. If the "ip_tables based firewall" is software (more accurately,
kernel configuration) running on this same host, -AND- it has only a single
network interface, then running the apps that listen on these ports may be
pointless (or not; X11 and lpd are surely providing local services as
well). Except for the memory they use, running them is harmless. And if you
have multiple interfaces (for example, a dial-up PPP connection and a NIC
connecting you to a LAN), the firewall *might* be blocking access from the
Internet while permitting it from the LAN ... that's one of the things
firewalls do, after all.
So ... bottom line ... whether you "messed up" your config depends on
undescribed details of your overall setup, and your intent.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA ray@comarre.com
-------------------------------------------------------------------------------
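Added example, not part of the original thread: netstat reports what is bound locally, while a port scan reports what gets through the packet filter, so the two views in this thread do not contradict each other. The sketch below sorts the listeners quoted in the first message by bind address to show which ones rely entirely on the firewall; the function names are hypothetical and the sample lines are copied from the post.

```shell
#!/bin/sh
# Classify listening TCP sockets by the address they are bound to.
# Input: lines in `netstat -a | grep LISTEN` format on stdin.
# Output: "<scope> <proto> <port-or-service>" per listener.
classify_listeners() {
    awk '
    $NF == "LISTEN" {
        proto = $1
        addr  = $4                        # Local Address column
        pos = match(addr, /:[^:]*$/)      # last colon splits host from port
        if (pos == 0) next
        host = substr(addr, 1, pos - 1)
        port = substr(addr, pos + 1)
        if (host ~ /^localhost/ || host ~ /^127\./ || host == "::1")
            scope = "loopback-only"       # unreachable from other hosts
        else if (host == "*" || host == "0.0.0.0" || host == "::")
            scope = "all-interfaces"      # reachable unless a filter drops it
        else
            scope = "specific-address"
        print scope, proto, port
    }'
}

# The netstat lines quoted in the first message of this thread.
sample_from_post() {
    cat <<'EOF'
tcp 0 0 localhost.localdom:1024 *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
EOF
}

# Listeners whose only protection from the network is the packet filter.
firewall_dependent() {
    classify_listeners | awk '$1 == "all-interfaces" { print $3 }'
}

sample_from_post | classify_listeners
```

On a live host, feed it `netstat -a | grep LISTEN` instead of the sample; every name printed by `firewall_dependent` is a service that becomes reachable the moment the filter rules are flushed or fail to load.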