LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-21-2016, 05:36 PM   #1
nix84
Member
 
Registered: Apr 2014
Posts: 276

Rep: Reputation: Disabled
wifi protection


Flirting with developing a filter to find listening ports to be closed on a desktop.
Two problems:
1) all the experts simply seem to advise to close unnecessary ports. But, no one seems to bother to make rules of thumb as to what might not be critical.
I need some advise on this.
2) If I see a Listening port open it is likely that if it is to be used by a hacker it will be ESTABLISHED by the time I make another pass looking for that port. I could look for the port but this seems to me to be extremely circuitous as there could be valid reasons for it to be established.
Is there a direct way with "netstat" to run it so as to determine who has what and when. Yes, I could build a table of IPs and MACs per port and validate against it even if established. Is this the method that is commonly used?
 
Old 04-22-2016, 02:25 PM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,879
Blog Entries: 13

Rep: Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930
Not a security expert by any means, but I've seen lots of advice for configuring routers, and etc and the advice was to turn it all off and then turn on stuff incrementally as you determine that you need it. This way, you don't have to guess, except when considering enabling a port and then questioning why you would need to enable that particular port.
 
Old 04-24-2016, 06:18 PM   #3
nix84
Member
 
Registered: Apr 2014
Posts: 276

Original Poster
Rep: Reputation: Disabled
wifi protection

@rtmistler: Hey TNX U R on the way to getting a handle on networking.
We agree on my point 1).
Still looking for some info on cycling times etc. Like if I see a listening port with a wild card on pass 1 then see an IP on pass 2 am I too late to close a port which was intentionally left open?
Example port 53 (DNS official port) is open and looks to me like it should be left that way. Someone could jump on it between passes of 3-4 sec and plant tulips in that much time. How can one know when to leave it open and for what. My list of port names and purposes does not cover the detail need to know what I might need 53 for.

Does any one know if it is at all possible for someone probing over the net to gain access to listening ports of the DOMAIN type? I know the INTERNET type definitely are.
Also if the connection is "established" can the service be terminated instantly?
 
Old 04-25-2016, 06:36 AM   #4
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,879
Blog Entries: 13

Rep: Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930Reputation: 4930
No idea what you're talking about with that whole pass 1 pass 2 stuff. A protocol port is either open or closed. For a well known port number to be used for different means than the defined protocol type it was selected for, both ends of the connection must agree that the port is being re-used for a custom protocol type. Then all the best you can do is sniff that traffic and determine that it's not matching the protocol type it originally required.

Encrypt your WIFI for starters and then anyone invading cannot use it in the first place.

Use MAC security to ensure that known MAC addresses are using the router. Yes, someone who knows one of the valid addresses can then still get in, but you should not be giving those addresses out. Same for the WIFI keys, you don't give those freely out. The more difficult you make it for starters, the better off you'll be.

This might be better off in the Linux Security forum. If you'd like to request it being moved, then click REPORT on one of the posts and just ask if the thread could be moved to that forum. It might get someone's attention who is a bit more focused on network security. Although this current forum is also a pretty good choice.
 
Old 04-25-2016, 06:52 AM   #5
bluesclues227
LQ Newbie
 
Registered: Apr 2016
Posts: 25

Rep: Reputation: Disabled
Not sure if this will help, but maybe these commands may help you make some decisions. apt-cache depends NameOfProgram (shows what depends on that program to run) apt-cache rdepends NameOfProgram (shows what THAT program depends on to run) apt-cache unmet (shows dependencies you don't have which can be useful for resolving issues like understanding why a program isn't working) Also look into hosting services in a VM to keep ports off your physical machine.
 
Old 04-25-2016, 10:59 PM   #6
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 2,148

Rep: Reputation: 449Reputation: 449Reputation: 449Reputation: 449Reputation: 449
just my 2 cents, closed also unnecessary services that is not being used.

Even though the port is open if ever, if there is no service listening to the particular port and an attempt to connect to the port the connection will be closed since no service to accept the connection.

I think the SELinux if configured properly it will accomplished what you're trying to do.

Search the web about SELinux.

Last edited by JJJCR; 04-25-2016 at 11:00 PM. Reason: edit
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Static WiFi problem in Dual Booted System. Dynamic WiFi working Shahbaz E Linux - Newbie 3 01-22-2016 09:21 PM
Want to share my wifi by creating a wifi hotspot ( While staying connected to wifi)? shadyXV Linux - Desktop 4 07-20-2015 05:37 PM
[SOLVED] wifi problems. after updating to the latest linux-kernel wifi doesn't work. jhp8940 Linux - Newbie 7 09-11-2014 12:17 PM
LXer: Court Says WiFi Isn't Radio Because It's Not Audio; Therefore WiFi Sniffing Can Be Wiretapping LXer Syndicated Linux News 0 09-10-2013 05:42 PM
wifi works:how to connect to hotspot,with console?alternative to wifi-wiz assistant? frenchn00b Debian 7 10-30-2009 12:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration