s. keeling wrote:

Incoming from Thomas Beresford:


I'm running a woody debian system and firestarter 0.9.3 and have a
56k USR modem for the internet. The thing is, whenever I connect to
the internet, I receive a lot, really lots, of attempts to access
port 445, microsoft-ds, and some on port 135, loc-srv. Is it normal?



Pretty much. Many of them are just viruses and worms attempting to spread to your machine. Some have actual human beings behind them. As long as you're not running daemons that "pick up the phone", so to speak, they're just annoying; not harmful.

You can make doubly sure of that with a firewall.  Attempts then just
get dropped.



A conservatively-configured Linux host _is_ a firewall.

Note re firestarter:
Firestarter is a complete firewall tool for Linux machines.

I'm not running anything unusual, just the basic system, no servers,
anything. Another thing is, whenever I run nmap here, there's some
ports that are opened and I'm really worried about their security
(these ports are 111 sunrpc and 515 printer). Is there a way to close



See /etc/inetd.conf, and comment out the things you don't want to be running. sunrpc is the remote shell stuff and you shouldn't be opening that up to the net (cleartext passwords; use ssh instead). Printer you can stop with:

iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 515 -j DROP




sunrpc is not remote shell, it's remote procedure call. Used by nfs (and I think some other services).


these ports? I've tried blocking them with firestarter but it didn't
work. Could anyone give me a hand?



The best thing you can do is make sure that you're only running what you need to run, and that whatever's running answers only those you want it to answer.

iptables -t filter -I INPUT -i ppp0 -m tcp -p tcp --dport 113 -j ACCEPT

That's for "identd."  CVS and IRC servers often want to "ident" you.
I run fauxident.py which just _acts_ like an ident server, so I open
up that port for it.  :-)





If firestarter is set up properly, what Thomas is seeing is his firewall doing its job. There are some websites that will do a confidence check for him, portscanning his machine and listing what is _really_ open.





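The /etc/inetd.conf step suggested in the message above, as an added example that is not part of the original thread: it lists which entries in inetd.conf-format text are active and comments out the ones you name. The function names and the sample file contents are constructed for illustration; on a real host you would feed it /etc/inetd.conf and restart inetd afterwards.

```shell
#!/bin/sh
# Added example: audit and edit text in inetd.conf format.
# SAMPLE_INETD is a constructed sample, not taken from a real host.
SAMPLE_INETD='# constructed sample in inetd.conf format
ident   stream  tcp  nowait  identd  /usr/sbin/identd  identd
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.telnetd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.rlogind
time    dgram   udp  wait    root    internal'

# Print "service/protocol" for every active entry read from stdin.
# Comment lines and blank lines are skipped; a valid entry has at
# least six fields (service, socket type, proto, wait flag, user, program).
inetd_enabled() {
    awk '!/^[ \t]*(#|$)/ && NF >= 6 { print $1 "/" $3 }'
}

# Comment out active entries whose service name appears in the
# space-separated list given as $1. Lines that are already commented
# out, and all other services, pass through unchanged.
inetd_disable() {
    awk -v drop="$1" '
        BEGIN { n = split(drop, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*(#|$)/ && ($1 in off) { print "#" $0; next }
        { print }
    '
}

# Demonstration on the constructed sample: disable the cleartext
# remote shell and login services, then show what is still enabled.
printf '%s\n' "$SAMPLE_INETD" | inetd_disable "shell login" | inetd_enabled
```

Anything this still reports as enabled is something inetd will answer for, so it is also the list to compare against an nmap run from outside.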