LinuxQuestions.org
Old 08-08-2004, 02:23 PM   #1
Mad Malc
Member
 
Registered: Jun 2004
Location: West Midlands UK
Distribution: Mint 2.1 with Kubuntu Desktop
Posts: 59

Rep: Reputation: 15
Internet connection program permissions? any monitoring software?


Hi, this may sound a strange thread, but I have been playing with Linux for a while now and might be about to settle on Suse 9.1, but there is one niggle.
With the firewall I use for Windows, I can set all application programs to ask permission and I also get intrusion attempt notifications.
Now I have Suse Firewall set up for an internet connected machine, but www.grc.com tells me ports 21 ftp, 23 telnet, 80 http, 254 and 255 are open.
Running lsof -i, I am told sunrpc is open on 3824/3825; googling sunrpc says this is potentially dangerous.
So I would like to know of any software which tells me which application programs are connected to the net, I would like to give permission for such connections (forget user permission) and when I am subject to a port scan attack.
Can you suggest any software which might just allay my fears? For all I know, at present I could be running, unknown to me, a spam engine.
Also, the rest of my ports are closed. The firewall I use for Windows, www.sygate.com, is free and completely stealths my machine; at present I am telling any port scanning robot I am here.

Mad Malc
 
Old 08-08-2004, 02:39 PM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
I use the linux's kernel-level firewalling, iptables, and have made my machine completely stealth..or let's say, as stealth as one can make it without losing the ability to work with the machine. anyway, iptables doesn't work on per-app basis like your windoze firewall does, and I don't even know if there is such app for linux. why would one need that kind of app...iptables works nicely for me. the per-app asking is just irritating, and might cause problems if one uses a lot the "don't ask this again" -option that many windoze apps have. iptables is flexible and "silent" guard, yet very effective..

and there are logfile "scanners" for iptables, that can tell if you're under a port scan or something, or if suspicious (perhaps an attack) actions are made..just search the net or sites like Icewalkers.

also, with iptables you can block the traffic on the ports you wish to do so on..
 
Old 08-08-2004, 02:43 PM   #3
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
Does it really matter if a port scan detects an open port? Either you have a service running there open to the world which you're using and keeping as up to date as possible, or you've got nothing there and there's no chance of exploitation. Does it really matter if your machine silently drops a packet or informatively rejects it?
 
Old 08-08-2004, 03:14 PM   #4
Mad Malc
Member
 
Registered: Jun 2004
Location: West Midlands UK
Distribution: Mint 2.1 with Kubuntu Desktop
Posts: 59

Original Poster
Rep: Reputation: 15
Hi B0uncer and Proud,
You have both tried to reassure me, but as you say iptables is a 'silent' guard, so how do I know if it's not just silently offguard?
I have permission to browse the net and launch programs to download, send emails etc, as a mere user, so what's stopping a hacker using me as a mere user with this level of permissions as a spam engine?
I would like more noise from my firewall reassuring me of what a good job it's doing, plus the ability to see that only programs I have knowledge of launching are communicating to the net.
Is that too much to ask?

Mad Malc
 
Old 08-08-2004, 03:53 PM   #5
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116
I suggest you read up on the basics of exploits and malicious code execution.

You're now not running a browser that's a target for unauthorized malware installation, your OS has all the config and vital system & installation operations locked to only root's access, and everything you install is probably open-sourced, so the code can be checked for backdoors and anything unwanted.

If you are only using your machine for desktop use then you have few to no services running that are open to the world, and thus no place for a cracker to even start to initiate a forced entry to your system. They can only get in via broken input verification code; simply knowing your IP address or pinging a port will not make your pc roll over and let them do as they want with it.

Try something like Guarddog to have a nice firewall configuration GUI, maybe then read the resulting logs. Or do as some do and have an updating tail -f log_file process running in a terminal on your desktop, maybe with some Intrusion Detection System (Tripwire?) if you're truly paranoid.

Last edited by Proud; 08-08-2004 at 03:56 PM.
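
The log watching suggested in posts #2 and #5 (an iptables log "scanner", or reading what `tail -f` shows), as an added example that is not from any poster in this thread: a Python check that flags a source address probing many distinct destination ports within a short window. The log lines, the `FW-DROP` prefix, the year and the thresholds are constructed assumptions, and it assumes an iptables LOG rule is already writing dropped packets to the kernel log in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of kernel lines from an iptables LOG rule (fields trimmed;
# "FW-DROP" is a hypothetical --log-prefix, addresses are documentation ranges).
SAMPLE_LOG = """\
Aug  8 15:02:11 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=21 SYN
Aug  8 15:02:11 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=23 SYN
Aug  8 15:02:12 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=80 SYN
Aug  8 15:02:12 box kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=80 SYN
Aug  8 15:02:13 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=111 SYN
Aug  8 15:02:14 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40004 DPT=254 SYN
Aug  8 15:02:15 box kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40005 DPT=255 SYN
Aug  8 15:03:40 box kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51001 DPT=80 SYN
Aug  8 15:10:00 box kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=33000 DPT=22 SYN
Aug  8 15:20:00 box kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=33001 DPT=25 SYN
"""

# Syslog timestamp, then the SRC=, PROTO= and DPT= fields of the LOG target.
# Lines without a DPT (e.g. ICMP) do not match and are skipped.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*?\bSRC=(\S+) .*?\bPROTO=(\w+) .*?\bDPT=(\d+)")

def find_port_scans(lines, year=2004, window=timedelta(seconds=60), min_ports=5):
    """Return {src: (time of first alert, ports seen)} for every source that
    touched at least min_ports distinct destination ports within window."""
    recent = defaultdict(deque)  # src -> (time, dport) pairs still inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog omits the year, so it is supplied (assumed) by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src, dport = m.group(2), int(m.group(4))
        seen = recent[src]
        seen.append((when, dport))
        while when - seen[0][0] > window:  # expire hits older than the window
            seen.popleft()
        ports = {p for _, p in seen}
        if len(ports) >= min_ports and src not in alerts:
            alerts[src] = (when, sorted(ports))
    return alerts

if __name__ == "__main__":
    for src, (when, ports) in find_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{when} possible port scan from {src}: ports {ports}")
```

Counting distinct ports rather than raw packets keeps a client that retries one port, such as 198.51.100.20 above, from being flagged.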
 
  

