Testing Linux Firewall?

  1. #1
    Member
    Join Date
    May 2003
    Posts
    32

    Testing Linux Firewall?

    I am new to linux, and I have begun to try to understand some of its basics. I have two questions. Do I need the following ports open to simply surf the net, do email, and download the occasional program?

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost.localdomain (127.0.0.1):
    (The 1596 ports scanned but not shown below are in state: closed)
    Port State Service
    25/tcp open smtp
    111/tcp open sunrpc
    631/tcp open ipp
    6000/tcp open X11
    10000/tcp open snet-sensor-mgmt

    Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

    I have tried to configure my firewall using ipchains, and would like to test it. Is there any way that I can do this? I even searched google and AO, and was only successful in finding windoz based scans. (Note: An online scan is probably not possible in my situation because I am behind a router.) Thanks, sorry if this is kind of long and rambling.

  2. #2
    Senior Member
    Join Date
    May 2002
    Posts
    101
    X11 runs for remote X servers, and that's what I know off the top of my head. I don't feel like doing the Google thing right now; you should try it and see what you get when you google it. It is quite simple.

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Did you run NMAP on the local host or remotely? Is your firewall up and running?

    oh, and to "simply surf the net" you do not need those ports open.
    Quis custodiet ipsos custodes

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    115
    631 ipp is Internet Printing Protocol. In either case, you don't need all those other ports open (except for X11; I don't use a window manager, so I'm not sure about this). Anyway, if you're curious what those ports do, try the following:

    lsof -i type:port
    grep something /etc/services

    hope this helps.

    -w0rm3y

  5. #5
    Member
    Join Date
    May 2003
    Posts
    32
    Thanks for the help everyone!

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You probably don't need port 25 open, because, unlike what Marijuana said, it isn't used for outgoing mail; it's used for *incoming* mail. Now, unless you're using your machine as an incoming mail server for a domain, you don't need SMTP listening, *even* if you're using the machine as a relay.

    I would say you can safely firewall all of those ports. However it's better practice just to firewall everything and then let in what you need.

    Reading further down your post: if you are behind a router which does NAT (i.e. most home routers and many others), the whole thing is academic anyway because attackers cannot address your machine, much less attack it. So if your machine has an IP in one of the reserved ranges (10.*, 192.168.* or 172.16.*-172.17.*), there is no possibility of an attacker connecting to it in a direct manner.

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    The question you should ask yourself is: "Do I need any server application on my machine?"
    If not, make a simple rule to forbid any connection between port 1 and 1024.

    For other ports, visit the following site; it will give you any info you're looking for:
    http://www.chebucto.ns.ca/~rakerman/port-table.html

    BTW, I'll advise you to use iptables, which is the Netfilter upgrade of ipchains.
    SHARING KNOWLEDGE
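    The "firewall everything, then let in what you need" policy from #6 and the move to iptables suggested in #7, as an added example that is not code from anyone in this thread. It assumes a client machine with no inbound services wanted, a kernel with the conntrack match, and a root shell for apply_rules; build_rules only prints the ruleset so it can be inspected (or diffed against iptables-save) before loading.

```shell
#!/bin/sh
# Added example: default-deny inbound policy in iptables-restore format.
# Assumptions: client host, no inbound services; conntrack match available.

# build_rules [TCP_PORT ...]
# Prints a ruleset that drops every inbound connection except loopback,
# replies to connections this host started, and the TCP ports given
# as arguments (none for a pure surf/mail/download machine).
build_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # default: drop what is not listed
    printf '%s\n' ':FORWARD DROP [0:0]'    # this box is not a router
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'   # outbound surfing/mail unchanged
    # Loopback stays open: X11, CUPS (631) and portmapper (111) can still
    # talk to local clients without being reachable from the LAN.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections we initiated (web pages, POP/IMAP, downloads).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Explicit exceptions: only what the caller asks for.
    for p in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# port_allowed PORT [ALLOWED_PORT ...]
# Returns 0 if the generated ruleset has an ACCEPT for PORT, 1 otherwise.
# Use it to confirm that 25, 111, 631, 6000 and 10000 really stay closed.
port_allowed() {
    port=$1
    shift
    build_rules "$@" | grep -q -- "--dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# apply_rules [TCP_PORT ...]
# Loads the ruleset atomically; refuses to run without root.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must run as root" >&2
        return 1
    fi
    build_rules "$@" | iptables-restore
}
```

    A scan of 127.0.0.1 never crosses these rules, so after apply_rules the check that matters is an nmap run from another host on the LAN (the -i lo rule is why the local scan still shows the ports open).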

  8. #8
    Senior Member
    Join Date
    May 2003
    Posts
    604
    As a sidenote, SMTP (25) is used for both incoming and/or outgoing (RFC 2821). Also,
    a firewall does not ensure 'no possibility' of someone connecting; that's what's called candy security, aka hard crunchy shell, soft chewy inside. Follow good security practices and shut down unnecessary services regardless.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  9. #9
    Member
    Join Date
    Feb 2003
    Posts
    41
    111/tcp open sunrpc

    Hi

    You'd better close this one; it's the remote procedure call service. Crackers/script kiddies
    probe for this open port all the time, and RPC services have many security issues. Attackers can register a bogus RPC service and instruct your portmapper to listen for his or her commands/requests. If he or she manipulates your portmapper to forward requests to available services on your Linux system, the attacker tricks them into thinking they're coming from your machine. If you need to run any RPC services, you need to weigh the security considerations very carefully; if you don't need any RPC services, I'd advise you to disable them
    all, including portmapper. Beware!


    Doc

  10. #10
    Member
    Join Date
    May 2003
    Posts
    32
    Wow! I'm glad that I posted this thread, because I probably would have just left my firewall the way it was. Thanks to everyone for the info!
