Incognito
This forum is for the discussion of Incognito Linux.
1. What ports of the corporate firewall need to be open so that Incognito, booted from CD-ROM, works out of the box?
2. What is the best approach to circumvent such problems without compromising the/my security, if the corporate FW does block some ports required by Incognito (booted from CD-ROM)?
Thanks a lot for every help!
John
22, 53, 80, 443, 25, 993 are good ones.
Of f* it, just DMZ the whole box. ;-)
Last edited by jhwilliams; 10-17-2009 at 11:18 PM.
What ports of the corporate firewall need to be open so that Incognito, booted from CD-ROM, works out of the box?
You will have to be able to communicate with the Tor network. You can use TorStatus to check which ORPorts and DirPorts the relays tend to use. Your firewall has to allow outbound connections to some subset of these TCP ports. Note that the fewer of the ORPorts you're able to connect to, the worse Tor's anonymity and performance gets.
If you want the time to be set correctly (Tor needs a somewhat accurate clock, so this might be necessary) you also need the NTP port (UDP port 123) open for outbound connections.
Quote:
Originally Posted by john99
What is the best approach to circumvent such problems without compromising the/my security, if the corporate FW does block some ports required by Incognito (booted from CD-ROM)?
The best way I think is to use a Tor bridge. You can set up Tor to use a bridge through the TorK GUI controller for Tor (the onion in the system tray). Note that you'll have to redo this every time you start Incognito when booting from a CD.
I don't know what Incognito is, but here's how I handle opening ports:
As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."
If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:
Code:
nmap domain.name
On the gateway:
Code:
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
443/tcp open https
8080/tcp filtered http-proxy
And on the main internal server (you don't have access to this information directly since it's in my network):
Code:
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2049/tcp open nfs
3306/tcp open mysql
Best!
Jameson
Last edited by jhwilliams; 11-19-2009 at 06:21 PM.
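The "open only what is needed" approach in the post above can be checked mechanically. This added example, which is not part of the original post, parses the two port tables quoted there and lists open ports that are missing from an allowlist; the allowlist contents and the function names are assumptions made for illustration.

```python
import re

# Port tables copied from the post above (gateway and internal server).
GATEWAY_SCAN = """\
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
443/tcp open https
8080/tcp filtered http-proxy
"""
INTERNAL_SCAN = """\
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2049/tcp open nfs
3306/tcp open mysql
"""
# Assumption: the services this hypothetical site intends to expose.
ALLOWED = {(22, "tcp"), (53, "tcp"), (80, "tcp"), (443, "tcp")}
# A data row looks like "22/tcp open ssh"; the service column is optional.
ROW = re.compile(r"^(\d+)/(\w+)\s+(\S+)(?:\s+(\S+))?")


def parse_port_table(text):
    """Return (port, proto, state, service) tuples from an nmap port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header line and blank lines do not match
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4) or ""))
    return rows


def unexpected_open(text, allowed):
    """Ports in state open or open|filtered that are not on the allowlist."""
    return [(port, proto, svc) for port, proto, state, svc in parse_port_table(text)
            if state.startswith("open") and (port, proto) not in allowed]


if __name__ == "__main__":
    for name, scan in (("gateway", GATEWAY_SCAN), ("internal", INTERNAL_SCAN)):
        for port, proto, svc in unexpected_open(scan, ALLOWED):
            print(f"{name}: {port}/{proto} ({svc}) is open but not on the allowlist")
```

Ports reported as filtered, such as 8080 on the gateway, are not flagged because the scan did not find them reachable.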
As I install a new application, I look up what ports it uses, and then open them for that, only, as needed. Example: "I've installed Apache. I better open Port 80."
Ok, but you know already before that Apache requires port 80. Are there - apart from firewall logs - other possibilities to find it out?
Quote:
Originally Posted by jhwilliams
If you want to see what ports are open on any host, check out nmap. For example, here's a scan of a domain I manage:
Code:
nmap domain.name
Code:
PORT STATE SERVICE
23/tcp open telnet
I am wondering why Incognito/TOR does work in my case with port TCP 23 only. My opinion was that many more open ports are required...
Do I miss something?