* Securing my box

From: 1stFlight @ 2002-11-15 11:19 UTC
To: linux newbie

I recently had a friend port scan me as a test of my ip_tables based firewall,
and like I wanted he discovered there were no ports open. However if I do a
"netstat -a | grep LISTEN" I see

tcp        0      0 localhost.localdom:1024  *:*   LISTEN
tcp        0      0 *:printer                *:*   LISTEN
tcp        0      0 *:sunrpc                 *:*   LISTEN
tcp        0      0 *:x11                    *:*   LISTEN
tcp        0      0 *:ssh                    *:*   LISTEN

What's going on here? Did I mess up my config? Thanks!

Darryl
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
* Re: Securing my box

From: Szekely-Benczedi Endre @ 2002-11-15 12:07 UTC
To: linux-newbie; +Cc: 1stflight

As far as I know this is the way it should be, I mean you closed the access
from outside, but not from your server. So someone from outside cannot connect
to them, but you, from a shell on the server, can, of course...
Or did I misunderstand the question?

Greetz,
Bencze.

On Fri, 15 Nov 2002, 1stFlight wrote:

> I recently had a friend port scan me as a test of my ip_tables based firewall
> And like I wanted he discovered there were no ports open. However if I do a
> "netstat -a | grep LISTEN" I see
>
> tcp 0 0 localhost.localdom:1024 *:* LISTEN
> tcp 0 0 *:printer *:* LISTEN
> tcp 0 0 *:sunrpc *:* LISTEN
> tcp 0 0 *:x11 *:* LISTEN
> tcp 0 0 *:ssh *:* LISTEN
>
> What's going on here? Did I mess up my config? Thanks!
>
> Darryl
* Re: Securing my box

From: Ray Olszewski @ 2002-11-15 17:45 UTC
To: linux newbie

At 06:19 AM 11/15/02 -0500, 1stFlight wrote:
> I recently had a friend port scan me as a test of my ip_tables based firewall
> And like I wanted he discovered there were no ports open. However if I do a
> "netstat -a | grep LISTEN" I see
>
> tcp 0 0 localhost.localdom:1024 *:* LISTEN
> tcp 0 0 *:printer *:* LISTEN
> tcp 0 0 *:sunrpc *:* LISTEN
> tcp 0 0 *:x11 *:* LISTEN
> tcp 0 0 *:ssh *:* LISTEN
>
> What's going on here? Did I mess up my config? Thanks!

What's "going on here" is that you have applications on the host that are
listening on those ports for incoming traffic. Offhand I can't say for sure
what, but probably you are running lpd, sshd, the portmapper (say for NFS
mounts) and XFree86 (I don't even have a guess for the 1024 entry).

From what your friend found in his portscan, you have firewalling software
running somewhere between him and you that blocks his access to these same
ports.

If the "ip_tables based firewall" is software (more accurately, kernel
configuration) running on this same host, -AND- it has only a single network
interface, then running the apps that listen on these ports may be pointless
(or not; X11 and lpd are surely providing local services as well). Except for
the memory they use, running them is harmless.

And if you have multiple interfaces (for example, a dial-up PPP connection and
a NIC connecting you to a LAN), the firewall *might* be blocking access from
the Internet while permitting it from the LAN ... that's one of the things
firewalls do, after all.

So ... bottom line ... whether you "messed up" your config depends on
undescribed details of your overall setup, and your intent.
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                            -- Han Solo
Palo Alto, California, USA                               ray@comarre.com
-------------------------------------------------------------------------------
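Ray's point is that the firewall, not the services, is what hid those ports from the scan: every entry except 1024 is bound to `*`, i.e. every interface, so it is reachable the moment a rule is loosened or a second interface appears. The following script, an added example that is not from the thread, parses the `netstat -a | grep LISTEN` format shown above (a constructed copy of Darryl's output is embedded) and reports which listeners are loopback-only versus bound to all interfaces, which is the list a defender should review before trusting the firewall alone.

```python
"""Classify netstat LISTEN sockets by bind address: all-interfaces vs loopback."""
from typing import Dict, List, Tuple

# Constructed sample, modelled on the netstat -a | grep LISTEN output in the thread.
SAMPLE_NETSTAT = """\
tcp        0      0 localhost.localdom:1024  *:*   LISTEN
tcp        0      0 *:printer                *:*   LISTEN
tcp        0      0 *:sunrpc                 *:*   LISTEN
tcp        0      0 *:x11                    *:*   LISTEN
tcp        0      0 *:ssh                    *:*   LISTEN
"""

# Bind hosts that mean "every interface on the host" (netstat prints * or 0.0.0.0, :: for IPv6).
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}
# Bind hosts that are only reachable from the machine itself.
LOOPBACK_HOSTS = {"localhost", "localhost.localdomain", "localhost.localdom",
                  "127.0.0.1", "::1", "[::1]"}


def parse_listen(netstat_output: str) -> List[Tuple[str, str, str]]:
    """Return (proto, bind_host, service_or_port) for each line in LISTEN state."""
    sockets = []
    for line in netstat_output.splitlines():
        fields = line.split()  # Proto Recv-Q Send-Q Local-Address Foreign-Address State
        if len(fields) < 6 or fields[-1] != "LISTEN":
            continue
        proto, local = fields[0], fields[3]
        host, _, port = local.rpartition(":")  # last colon separates host from port
        sockets.append((proto, host, port))
    return sockets


def classify(host: str) -> str:
    """'all-interfaces', 'loopback' or 'specific' depending on the bind host."""
    if host in WILDCARD_HOSTS:
        return "all-interfaces"
    if host in LOOPBACK_HOSTS:
        return "loopback"
    return "specific"


def exposure_report(netstat_output: str) -> Dict[str, str]:
    """Map each listening service/port name to its exposure class."""
    return {port: classify(host) for _proto, host, port in parse_listen(netstat_output)}


if __name__ == "__main__":
    for port, exposure in sorted(exposure_report(SAMPLE_NETSTAT).items()):
        print(f"{port:10} {exposure}")
```

Run it against real output with `netstat -an | grep LISTEN | python3 thisfile.py` after swapping the sample for `sys.stdin.read()`; anything reported as all-interfaces is shielded only by the packet filter.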