Re: Strange connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-07-20 at 17:17, Mike McCarty wrote:
> Scot L. Harris wrote:

> 
> But if the port is closed, then I don't see my exposure. Except that
> now they know the temporary (well, with DSL, not so temp) IP address.
> 

That is what I was saying.  Nothing should be able to get through that
port, but the bad guys know there is a system at that address.  More
than likely they will just move on to the next address that has more
interesting open ports available.  :)

Remember the idea here is to be just a little harder to crack than the
next guy.  :)



> 
> I don't have any other computers on my "LAN". It comprises a
> router and a computer. I have a cable run to another computer
> with Windows 98 on it, which is turned off, and remains off.
> 

If you wanted to you could use the windows system to run a scan against
your linux box.  From what you have described this is not really
needed.  Just something you might want to do just to learn from it.

> I don't think I have much exposure from a computer which is off :-)
> 

As long as it is physically secured and does not have any critical data
on it that someone can steal..... :)


> # service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     ipv6-crypt--  anywhere             anywhere
> ACCEPT     ipv6-auth--  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state 
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:smtp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:http
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:https
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:ftp
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
> tcp dpt:telnet
> REJECT     all  --  anywhere             anywhere            reject-with 
> icmp-host-prohibited
> 

This tells me that you have enabled the default services in
system-config-securitylevel.  smtp (email), http/https (apache), ftp,
ssh, and telnet have their ports opened on your system.

Based on what you have described you can go into
system-config-securitylevel and turn those off so those ports will not
be open.


> >>Hmm, I seem not to have chkrootkit, rkhunter, nor tripwire installed.
> >>
> > 

> Is there a way to get them from the original CDs? Or should I use
> yum?
> 

I would use yum.  


> > If you have the default iptables rules then things should be blocked
> > from getting in.  Additional steps can be taken to have iptables limit
> > what can go out of your system.  Only those applications that you use
> 
> Ok, my iptables output is above. Any recommendations?
> 

As mentioned above, if you are not using telnet, ssh, ftp, smtp, http to
connect to your system you can disable those ports.

For the truly paranoid the output chain would contain a list of rules
that blocks everything but those applications you use.  But that can be
difficult to setup and maintain.


> I guess so. I haven't seen anything which would encourage me
> to use selinux, yet.
> 

selinux is just another layer of defense.  If some how a hacker managed
to get on your system selinux should make it more difficult for that
hacker to gain elevated privileges and/or modify certain critical files
on your system.  IMHO it will take a couple of years for selinux to
develop fully and for the various distributions to implement policies
that work for most users.

-- 
Scot L. Harris
webid@xxxxxxxxxx

Behold the warranty -- the bold print giveth and the fine print taketh away. 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux