From: Michael Medwid <mmedwid@gmail.com>
To: Andrew <ald2@arrakis.es>
Cc: linux-newbie@vger.kernel.org
Subject: Re: adsl, firewalls, etc.
Date: Mon, 19 Dec 2005 08:43:49 -0800
Message-ID: <faf407640512190843g6f5c3d13sa6dead2f2324d45b@mail.gmail.com>
In-Reply-To: <43A66B34.6070102@arrakis.es>

I assume you mean the "default" configuration. :-) The first
question to ask is - are you running a telnet daemon on your box that
you want reachable from the Internet? Telnet is an unencrypted
protocol - easily sniffed. If you don't need to remotely access your
machine at all - just turn that port off on the router/firewall. If
you do need remote command line access to your box - at least make it
SSH port 22.

Same question for ftp-data - are you running FTP that you want open to
the Internet? If no - turn it off. If you need a file transfer
facility, use SCP, which operates on SSH's TCP port 22. Like telnet, FTP
is unencrypted while SCP is encrypted.

Lastly, are you running a web server open to the Internet? I suspect
no, given you're newly using ADSL and many ADSL providers give you a
dynamic IP address. Anyhow - if no - turn off port 80.

-Michael

>The defect configuration leaves ports 20 (ftp-data), 23
>(telnet) and 80 (http)open,"
On 12/19/05, Andrew <ald2@arrakis.es> wrote:
> Midwinter greetings,
>
> I have just moved one rung up on the evolutionary scale and got myself
> an adsl connection. I am probably going to make a few relatively minor
> changes to my home lan because of this, but before going any further
> there is one issue worrying me:
>
> The free modem my isp provided has no support under Linux so I had to
> take the router option. It's a Draytek Vigor 2500. The defect
> configuration leaves ports 20 (ftp-data), 23 (telnet) and 80 (http)
> open, the rest are stealthed (according to Shields Up). Am I right in
> thinking this is not such a good idea? I haven't yet had any success in
> trying to add rules to close these ports, and my isp 'cordially' informs
> me that this is up to me to sort out, so for the time being I am simply
> disconnecting when not in use (about 16 hours a day). Am I being
> over-paranoid?
>
> TIA
> Andrew
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
>
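
A local counterpart to the Shields Up check discussed in this thread, as an added example that is not part of either poster's message: it probes the three ports named above and reports each as open, closed or stealth (no reply at all). The function names are illustrative, and it assumes you run it against your own connection's public address from a machine outside the LAN, since a probe from inside only sees the router's LAN side.

```python
import socket
import sys

# Ports and service names as given in the thread.
PORTS = {20: "ftp-data", 23: "telnet", 80: "http"}

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed', 'stealth' or 'error' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"        # host answered with a reset
        except socket.timeout:
            return "stealth"       # no reply at all: the packet was dropped
        except OSError:
            return "error"         # e.g. no route; says nothing about the port

def check(host, ports=PORTS, timeout=3.0):
    """Probe every port in `ports`; return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

def exposed(results):
    """Ports that accepted a connection and still need closing."""
    return sorted(p for p, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <your-own-public-address>")
    results = check(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5} {PORTS[port]:<9} {state}")
    if exposed(results):
        print("still reachable:", ", ".join(map(str, exposed(results))))
```

Re-running it after each change to the router's filter rules shows whether a port moved from open to closed or stealth.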