[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipchains

To: Linux Users Club of IL <luci-discuss@luci.org>
Subject: Re: ipchains
From: Cloudmaster <sauer@cloudmaster.com>
Date: Tue, 11 Apr 2000 07:17:10 -0500 (CDT)
In-Reply-To: <Pine.LNX.3.96.1000411070449.2470A-100000@sandman.lunarmedia.net>
Organization: Linux Users of Central Illinois
Reply-To: luci-discuss@luci.org
Sender: owner-luci-discuss@luci.org

On Tue, 11 Apr 2000, Charles Menzes wrote:
> I just recently finished setting up ipchains on both a test server as well
> as my home machine. I would like to get fairly strict for the server
> platform, which should not be very difficult, however for home use I have
> a question about what implications there would be by allowing free range
> in and out for ports above 1024. I am running X, so I did add a deny for
> any incoming packets to 6000:6063, but other than that, its pretty much
> free game. I am not running nfs, however I do run gnapster and icqnix
> which all use high ports for establishing sessions both as a client and
> server. I could set up specific rulesets for each of these apps, but I was
> curious to hear opinion on what ramifications there are from just allowing
> ACCEPT in/out for >1024.

On the internal machines, run "netstat -nlt" for all tcp port the machine's
listening on (similarly -nlu for udp and -nlw for raw sockets). See all the
stuff under "local address"?  Look for ports greater than 1024.  you should
be able to do something like "lsof -i :port" where you replace "port" with
the port you're interested in.  That'll tell you what process(es) are
listening on that port.  You may have to do it as root to get anything
useful out of lsof...

Anyway, decide if you care about those ports being accessable from outside.
If not, well, block access.  If you think there are users inside that might
be adding programs that bind to a high port but you don't want them to,
either remove that user or (if you're that user) block off the ports you're
concerned about.  You can get a listing of common serices and their
corresponding ports in /etc/services - that oughtta help some.  I personally
wouldn't be terribly concerned, but then I masquerade everything and don't
have non-trusted users, so I really don't have those problems (although
there are others).

--Danny

--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

Follow-Ups:
- Re: ipchains
  - From: Charles Menzes <charles@lunarmedia.net>

References:
- ipchains
  - From: Charles Menzes <charles@lunarmedia.net>

Prev by Date: ipchains
Next by Date: Re: Debian and Slackware
Prev by thread: ipchains
Next by thread: Re: ipchains
Index(es):
- Date
- Thread