Linux - Security (LinuxQuestions.org): This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I have no servers running and this is my "netstat -tap":
Code:
Shiva:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address     State       PID/Program name
tcp        0      0 d12-130.rb.vcr.ce:33254 65.75.129.90:www    ESTABLISHED 2624/wget
tcp        0      0 d12-130.rb.vcr.ce:33264 65.75.129.90:www    ESTABLISHED 2622/wget
tcp        0      0 d12-130.rb.vcr.ce:33261 www.google.com:www  ESTABLISHED 1300/firefox-bin
So if Google wanted to, it could use my ESTABLISHED connection to execute arbitrary code on my computer? What if I had NO connections? How could they connect anyway if I don't have any server software running?
Google isn't connected to you; you are connected to Google via www/port 80. Google doesn't have access to your computer. You are only on the website, not logged on to Google.
Originally posted by calcon: Google isn't connected to you; you are connected to Google via www/port 80. Google doesn't have access to your computer. You are only on the website, not logged on to Google.
Ohhh, I knew that, my bad. I've gotta THINK before I type next time! So... how can a computer have vulnerabilities on the internet if there are no servers running (thus no ports open)?
If you have no ports open then you have nothing to worry about (besides attacks done locally that is). However, once you start communicating to anyone or anything on the net, ports get opened. It's inevitable.
FYI, every OS has some ports known as ephemeral ports. These ports are used when you connect to another PC / server. Once you're established, the connection will appear when you run netstat. You can change your port range at /proc/sys/net/ipv4/ip_local_port_range.
Originally posted by AC97Conquerer: Well that's just stupid!!
It is actually very necessary, because in order to get a response back from a website or e-mail server or whatever, the data has to come in through an opened port on your machine. This port is almost always dynamic (meaning it changes) unless configured otherwise by the user. That in turn makes it much harder for an attacker to get in. He (or she) pretty much has to initiate a connection blindly and predict and fake all kinds of numbers, IP addresses and ISNs just to name a couple.
So nobody can connect to your machine. People can still DoS you or try to trick you into running something you shouldn't like a modified rpm or other stuff that works like a trojan. Then there is still the possibility that you get attacked during the connection, by people using sniffers or man in the middle attacks.
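The distinction the posts above draw between a listening server socket and a client connection on an ephemeral port can be read straight off the `netstat -tap` output. The following is an added example written for this thread (not code posted by anyone in it): it parses the three rows from the original netstat dump, looks up the ephemeral range from `/proc/sys/net/ipv4/ip_local_port_range` as the earlier post suggests (falling back to an assumed default of 32768-60999 when the file is unreadable), and labels each socket as a server that accepts inbound connections, a client connection the machine itself initiated, or an inbound connection to a local service. The `LISTEN` row for an SSH daemon is constructed for contrast and is not from the thread.

```python
"""Classify sockets in `netstat -tap` output: servers that accept inbound
connections versus client connections we opened ourselves.
Added example for this thread, not code posted by any participant."""
import socket
from collections import namedtuple

# Assumed default Linux ephemeral range; a live system should read the file
# named in the thread, /proc/sys/net/ipv4/ip_local_port_range.
DEFAULT_EPHEMERAL = (32768, 60999)

# Offline fallback for service names when /etc/services is unavailable.
SERVICE_PORTS = {"www": 80, "http": 80, "https": 443, "ssh": 22, "smtp": 25}

Socket = namedtuple("Socket", "proto local_host local_port foreign state program")

# Constructed sample: the three rows from the thread's `netstat -tap`.
SAMPLE_THREAD = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 d12-130.rb.vcr.ce:33254 65.75.129.90:www ESTABLISHED 2624/wget
tcp 0 0 d12-130.rb.vcr.ce:33264 65.75.129.90:www ESTABLISHED 2622/wget
tcp 0 0 d12-130.rb.vcr.ce:33261 www.google.com:www ESTABLISHED 1300/firefox-bin
"""

# Constructed sample: the same box if it also ran an SSH daemon (hypothetical).
SAMPLE_WITH_SERVER = SAMPLE_THREAD + "tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1234/sshd\n"


def read_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Return (low, high) from procfs; fall back to the default when unreadable."""
    try:
        with open(path) as fh:
            low, high = fh.read().split()
        return int(low), int(high)
    except (OSError, ValueError):
        return DEFAULT_EPHEMERAL


def port_number(name):
    """Turn a netstat port field ('33254', 'www', '*') into an int, or None for '*'."""
    if name.isdigit():
        return int(name)
    if name == "*":
        return None
    try:
        return socket.getservbyname(name)
    except OSError:
        return SERVICE_PORTS.get(name)


def parse_netstat(text):
    """Parse the data rows of `netstat -tap`, skipping the header lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith(("tcp", "udp")):
            continue
        proto, _recvq, _sendq, local, foreign = parts[:5]
        rest = parts[5:]
        state = rest[0] if rest and rest[0].isupper() else ""
        program = rest[-1] if rest and "/" in rest[-1] else "-"
        host, _, port = local.rpartition(":")
        rows.append(Socket(proto, host, port_number(port), foreign, state, program))
    return rows


def classify(sock, ephemeral=DEFAULT_EPHEMERAL):
    """Say what one socket means for exposure to the network."""
    low, high = ephemeral
    if sock.state == "LISTEN":
        return "server"      # accepts inbound connections: reachable from outside
    if sock.state == "ESTABLISHED":
        if sock.local_port is not None and low <= sock.local_port <= high:
            return "client"  # we initiated it; the local port is ephemeral
        return "inbound"     # a peer connected to one of our listening services
    return "other"


def summarize(text, ephemeral=DEFAULT_EPHEMERAL):
    """Count sockets per class and list the programs holding them."""
    socks = parse_netstat(text)
    labels = [classify(s, ephemeral) for s in socks]
    return {
        "server": labels.count("server"),
        "client": labels.count("client"),
        "inbound": labels.count("inbound"),
        "programs": sorted({s.program for s in socks}),
    }


if __name__ == "__main__":
    rng = read_ephemeral_range()
    print("ephemeral range:", rng)
    for label, text in (("thread", SAMPLE_THREAD), ("with sshd", SAMPLE_WITH_SERVER)):
        print(label, summarize(text, rng))
```

Run against the thread's own rows the summary reports zero server sockets and three client connections, which is exactly the point the replies make: every local port shown is ephemeral, so nothing on the box is waiting for a connection. Only a row in the `LISTEN` state (the constructed sshd line) represents something a remote host can connect to.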
Thanks inaki, I tried it out! By the way, I'm going to switch to a regular user named 'psycho' on next boot.
Code:
|root:~|: chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary file
not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/blender/.Blanguages /usr/lib/blender/.bfont.ttf
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/pppoe[4880], /usr/sbin/pppoe[4880])
ppp0: not promisc and no packet sniffer sockets
Checking `w55808'... not infected
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... nothing deleted
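Most of the chkrootkit run above is routine negatives, but three results are not: the `strings` warning on the `sshd` check, two dotfiles listed under "suspicious files and dirs", and `eth0` reported as holding a packet sniffer socket (`/usr/sbin/pppoe`, which opens a raw packet socket for PPPoE discovery, so this is a benign holder to confirm rather than a hit). The following is an added example written for this thread (not part of chkrootkit and not code any participant posted) that parses output in this format, joins the continuation lines that chkrootkit prints for some checks, and separates plain negatives from results that need a look. The excerpt is taken from the run above; the `INFECTED` line is constructed to show how a positive would be handled.

```python
"""Triage chkrootkit output: separate routine negatives from results that
need a human look. Added example for this thread; not part of chkrootkit
and not code posted by any participant."""
import re

# Result phrases chkrootkit prints for a negative result.
CLEAN = (
    "not infected", "not found", "nothing found", "no suspect files",
    "nothing detected", "nothing deleted", "not promisc and no packet sniffer sockets",
)
RANK = {"clean": 0, "review": 1, "infected": 2}

# One check per line: "Checking `name'... result" or "Searching for name... result".
# The result may be empty and continue on the following lines.
CHECK_RE = re.compile(
    r"^(?:Checking `(?P<c>[^']+)'|Searching for (?P<s>.+?))\.\.\. ?(?P<result>.*)$"
)

# Constructed excerpt of the chkrootkit run posted in the thread, keeping the
# three places where the output is not a plain negative.
SAMPLE_THREAD = """\
|root:~|: chkrootkit
ROOTDIR is `/'
Checking `basename'... not infected
Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary file
not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/blender/.Blanguages /usr/lib/blender/.bfont.ttf
Checking `lkm'... nothing detected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/pppoe[4880], /usr/sbin/pppoe[4880])
ppp0: not promisc and no packet sniffer sockets
Checking `wted'... nothing deleted
"""

# Constructed positive, not from the thread: chkrootkit prints hits in upper case.
SAMPLE_POSITIVE = "Checking `ls'... INFECTED\nChecking `ps'... not infected\n"


def parse_chkrootkit(text):
    """Return [(check name, result text)] with continuation lines joined."""
    checks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CHECK_RE.match(line)
        if m:
            checks.append([m.group("c") or m.group("s"), m.group("result")])
        elif checks:  # a continuation of the previous check's result
            checks[-1][1] = (checks[-1][1] + "\n" + line).strip()
        # lines before the first check (prompt, ROOTDIR) are ignored
    return [(name, result) for name, result in checks]


def line_status(line):
    """Classify one result line."""
    if "INFECTED" in line:
        return "infected"
    if any(line.endswith(ok) for ok in CLEAN):
        return "clean"
    return "review"  # warnings, listed paths, PACKET SNIFFER(...) holders


def triage(text):
    """Map each check name to the worst status among its result lines."""
    out = {}
    for name, result in parse_chkrootkit(text):
        lines = result.splitlines() or [""]
        out[name] = max((line_status(ln) for ln in lines), key=RANK.__getitem__)
    return out


def findings(text):
    """Everything that is not a plain negative, in output order."""
    statuses = triage(text)
    return [(name, statuses[name], result)
            for name, result in parse_chkrootkit(text) if statuses[name] != "clean"]


if __name__ == "__main__":
    for name, status, result in findings(SAMPLE_THREAD):
        print(f"[{status}] {name}: {result.replace(chr(10), ' | ')}")
```

On the excerpt this yields three `review` items and no `infected` ones. Each still deserves a minute: confirm that the process behind a `PACKET SNIFFER` entry is the one you expect to hold a raw socket, and that listed dotfiles belong to an installed package (here the two files sit under the Blender install directory).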
I don't know whether you've done this or not, but you can change your ssh port to something else so people will have a harder time getting in. There was a post about it somewhere....