Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ok, i have suse 10,with built in firewall.I installed amule.Before opening tcp,UDP ports in firewall amule could work,but not very well.I could download,upload anything,in a low speed though.So my questions is how does it protect me ,since programmes(or an intruder) have acces to network(or my system) even if this acces is poor?
It is probably slower because the firewall is filtering the packets as they pass, and (I'm not too familiar with amule) the filtering process could be slowing it down.
I'm guessing that the only thing someone else on amule could do is view the files you have downloaded and are allowing for upload, correct? They do not have access to all your other files. Then, unless there is a bug in amule, you should be safe. Your firewall is filtering the ports used by amule (or so it seems from the information you've given), so any odd activity *should* be spotted by the firewall.
How does the firewall protect you? Simple. It is filtering all the other ports other than the amule ones to protect you. Sure, an attacker might go for your amule port which may be slightly vulnerable - but unless you were running an unpatched version of amule with known vulnerabilities then they would have quite a lot of trouble getting in. You mention you are in a network - does your router have an inbuilt SPI firewall?
My guess is that you are more secure than you think - but I've never used amule in my life, so I can't help you there.
My questions was not for amule only.I just gave it as an exmple,to ask if a firewall protects me even if programmes(any programmes),which are not "allowed to reach network" can reach network but poorly
If you block or drop certain types of packages - or you take them, then log them, then drop them...these packages will not go through - anything else will. There is no in between - like you suggested that they will still go through, but poorly.
Eighter yes or no.
A properly configured firewall will guarantee that packets can only get through to certain ports. If your amule packets are still getting through then they must be using some other ports that are being left open.
Based on what was said, I believe delta_9 was simply offering an example of opening ports and asking, then, if the firewall is still any protection once those ports are open. The reason for this example, I suspect, is that the eDonkey network, which aMule uses, requires you to open two specific ports so that you can receive a HighID on the network, which, without going into all the details, generally lets you transmit and receive faster. It will work without these ports open, but you get a LowID on the network and have to go through the server rather than direct connections, which slows things down.
I'm no eDonkey network expert, but here's my best guess:
The firewall only filters incoming connections. That is, no one can connect to you, but you can connect to anyone (OP: think of it as having an unlisted phone number if it helps).
If a lot of people also filter incoming connections, that means there's a lot of people you can't connect to; if there's fewer people you can connect to, that means there are fewer hosts to send you the data you need, thus you get a lower bitrate.
So, it does not conflict with the empirical evidence. Why do I think this is likely? Because it makes sense--on most desktop machines, you don't offer services to the world (that is, you're always a client, never a server), so there's usually no need to have anyone connect to you.
Peer-to-peer really shows that this assumption is wrong--you want to have people connecting to you; however, the adaption is slow.
What i wanted to ask is exactly what BDHamp described.This is what is all about:Even if ports are closed amule(or nicotine, or bittorrent or a trojan, or a worm) can have acces to network
Also note that if using a firewall integrated with a home router, you're likely also using PAT which requires the opening and closing of high port numbers all the time to function. But you didn't ask about that so...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.