Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-07-2006, 10:08 AM
|
#1
|
Member
Registered: Feb 2006
Location: Athens
Distribution: opensuse 11/kubuntu 8.04
Posts: 99
Rep:
|
How does firewall protect me
Ok, i have suse 10,with built in firewall.I installed amule.Before opening tcp,UDP ports in firewall amule could work,but not very well.I could download,upload anything,in a low speed though.So my questions is how does it protect me ,since programmes(or an intruder) have acces to network(or my system) even if this acces is poor?
|
|
|
03-07-2006, 10:34 AM
|
#2
|
Member
Registered: Nov 2004
Distribution: Slackware 11, Ubuntu 6.06 LTS
Posts: 700
Rep:
|
It is probably slower because the firewall is filtering the packets as they pass, and (I'm not too familiar with amule) the filtering process could be slowing it down.
I'm guessing that the only thing someone else on amule could do is view the files you have downloaded and are allowing for upload, correct? They do not have access to all your other files. Then, unless there is a bug in amule, you should be safe. Your firewall is filtering the ports used by amule (or so it seems from the information you've given), so any odd activity *should* be spotted by the firewall.
How does the firewall protect you? Simple. It is filtering all the other ports other than the amule ones to protect you. Sure, an attacker might go for your amule port which may be slightly vulnerable - but unless you were running an unpatched version of amule with known vulnerabilities then they would have quite a lot of trouble getting in. You mention you are in a network - does your router have an inbuilt SPI firewall?
My guess is that you are more secure than you think - but I've never used amule in my life, so I can't help you there.
Cheers,
-jk
|
|
|
03-10-2006, 09:53 AM
|
#3
|
Member
Registered: Feb 2006
Location: Athens
Distribution: opensuse 11/kubuntu 8.04
Posts: 99
Original Poster
Rep:
|
My questions was not for amule only.I just gave it as an exmple,to ask if a firewall protects me even if programmes(any programmes),which are not "allowed to reach network" can reach network but poorly
|
|
|
03-10-2006, 11:35 AM
|
#4
|
Senior Member
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687
Rep:
|
If you block or drop certain types of packages - or you take them, then log them, then drop them...these packages will not go through - anything else will. There is no in between - like you suggested that they will still go through, but poorly.
Eighter yes or no.
|
|
|
03-10-2006, 02:13 PM
|
#5
|
Member
Registered: Feb 2005
Location: Ontario, Canada
Distribution: Gentoo, Slackware
Posts: 345
Rep:
|
A properly configured firewall will guarantee that packets can only get through to certain ports. If your amule packets are still getting through then they must be using some other ports that are being left open.
|
|
|
03-11-2006, 01:06 AM
|
#6
|
Member
Registered: Mar 2005
Distribution: Ubuntu 9.10, Mint 8, Slackware 12
Posts: 105
Rep:
|
Just a clarification here ...
Based on what was said, I believe delta_9 was simply offering an example of opening ports and asking, then, if the firewall is still any protection once those ports are open. The reason for this example, I suspect, is that the eDonkey network, which aMule uses, requires you to open two specific ports so that you can receive a HighID on the network, which, without going into all the details, generally lets you transmit and receive faster. It will work without these ports open, but you get a LowID on the network and have to go through the server rather than direct connections, which slows things down.
|
|
|
03-11-2006, 08:40 AM
|
#7
|
Senior Member
Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524
Rep:
|
I'm no eDonkey network expert, but here's my best guess:
The firewall only filters incoming connections. That is, no one can connect to you, but you can connect to anyone (OP: think of it as having an unlisted phone number if it helps).
If a lot of people also filter incoming connections, that means there's a lot of people you can't connect to; if there's fewer people you can connect to, that means there are fewer hosts to send you the data you need, thus you get a lower bitrate.
So, it does not conflict with the empirical evidence. Why do I think this is likely? Because it makes sense--on most desktop machines, you don't offer services to the world (that is, you're always a client, never a server), so there's usually no need to have anyone connect to you.
Peer-to-peer really shows that this assumption is wrong--you want to have people connecting to you; however, the adaption is slow.
hth --Jonas
|
|
|
03-11-2006, 10:56 AM
|
#9
|
Member
Registered: Feb 2006
Location: Athens
Distribution: opensuse 11/kubuntu 8.04
Posts: 99
Original Poster
Rep:
|
What i wanted to ask is exactly what BDHamp described.This is what is all about:Even if ports are closed amule(or nicotine, or bittorrent or a trojan, or a worm) can have acces to network
|
|
|
03-11-2006, 11:39 AM
|
#10
|
Senior Member
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168
Rep:
|
You need to read up on difference between stateful and stateless firewalls. http://en.wikipedia.org/wiki/Stateful_firewall
http://en.wikipedia.org/wiki/Stateless_firewall
Also note that if using a firewall integrated with a home router, you're likely also using PAT which requires the opening and closing of high port numbers all the time to function. But you didn't ask about that so...
|
|
|
All times are GMT -5. The time now is 12:06 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|