[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipchains
Well, for the home machine, there is no masquerading. It is a single NIC
connecting to a switched segment with a cable modem for upstream access. I
will try the netstat option you suggested. Until now, I have been running:
netstat -na | grep -i listen
netstat -na | grep -i udp
I did use lsof to find what applications were using some of the higher
port numbers that did not look familiar. As I mentioned, I blocked access
for X from the outside. I dropped running Gnome since it seemed to open a
load of ports that I was unaware it would be using. Anyone have a good
description of what it uses the higher ports for?
cjm
________________________
Lunar Media Incorporated
what a wicked web we weave
http://www.lunarmedia.net
1 . 8 0 0 . 2 5 2 . 8 2 2 1
On Tue, 11 Apr 2000, Cloudmaster wrote:
>
> On Tue, 11 Apr 2000, Charles Menzes wrote:
> > I just recently finished setting up ipchains on both a test server as well
> > as my home machine. I would like to get fairly strict for the server
> > platform, which should not be very difficult, however for home use I have
> > a question about what implications there would be by allowing free range
> > in and out for ports above 1024. I am running X, so I did add a deny for
> > any incoming packets to 6000:6063, but other than that, its pretty much
> > free game. I am not running nfs, however I do run gnapster and icqnix
> > which all use high ports for establishing sessions both as a client and
> > server. I could set up specific rulesets for each of these apps, but I was
> > curious to hear opinion on what ramifications there are from just allowing
> > ACCEPT in/out for >1024.
>
> On the internal machines, run "netstat -nlt" for all tcp port the machine's
> listening on (similarly -nlu for udp and -nlw for raw sockets). See all the
> stuff under "local address"? Look for ports greater than 1024. you should
> be able to do something like "lsof -i :port" where you replace "port" with
> the port you're interested in. That'll tell you what process(es) are
> listening on that port. You may have to do it as root to get anything
> useful out of lsof...
>
> Anyway, decide if you care about those ports being accessable from outside.
> If not, well, block access. If you think there are users inside that might
> be adding programs that bind to a high port but you don't want them to,
> either remove that user or (if you're that user) block off the ports you're
> concerned about. You can get a listing of common serices and their
> corresponding ports in /etc/services - that oughtta help some. I personally
> wouldn't be terribly concerned, but then I masquerade everything and don't
> have non-trusted users, so I really don't have those problems (although
> there are others).
>
> --Danny
>
>
> --
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
>
--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.