Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Old 01-27-2001, 11:43 PM   #1
Registered: Dec 2000
Location: South Australia
Distribution: RedHat 7.2
Posts: 55


Hello to all.
This looks like a great place to ask a question or two, so here goes.
At home here we have two Windows-based comps routing through a Linux box to the Internet.
I'm getting interested in IPCHAINS, as I installed it a while back to get onto the Internet, but now I would like to know a little more about it.
It's initially set up to block all packets past the forward chain, and then masquerading takes over.
This is where some questions arise for me. I assume that Masquerading will only accept incoming packets from the Internet, and pass them on to the output chain, if it knows their identity.
That is to say, it is an incoming packet that is a result of a previous request for a web page as an example.
The reason I think this is that I read that IRC, FTP etc need to send packets that do not meet this requirement, and so need special modules to be installed to allow them to work.
But I visited a site, and let their scanners loose on my system.
It wasn’t too bad, but some ports were clearly open, and after some reading, I added some extra rules to the input chain to DENY access to them.
All good and well, as they all show up as stealth now, although as the site explains, these were only the most commonly scanned ports.
So to cut an already long post short, here are my two questions.
Why did some ports show up as open?? That is if what I said above is correct, but I feel I've missed something basic here.
The second question is... take FTP as an example: let's say that I was running the module to allow FTP to work (I believe there are two modes... only one needs the module to be installed?)
Then I do a port scan only to find the port is wide open and clearly visible to a hacker.
So I then write a rule to block any access to the ports in question, does that now mean that FTP is now rendered useless (depending on which mode)??
And if it does, doesn’t that mean that to open the port is a security risk for an organisation trying to secure their network from the outside world??

Thanks in advance

Old 01-30-2001, 01:42 AM   #2
Registered: Dec 2000
Location: South Australia
Distribution: RedHat 7.2
Posts: 55

Original Poster
Well after a good glass of red, I've come to the conclusion that if a scanner finds an open port on the Linux box, then the port would be the result of a "local" process.
And if it's a local process, then I guess that rules out any forwarding at all.
That's my theory anyway.

I do believe there's a drop left in that bottle of red.

ps. sorry I posted this in the wrong forum!
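
One way to check the theory in post #2 from the Linux box itself, as an added example that is not part of either post: list the TCP sockets in LISTEN state from a `/proc/net/tcp`-style table and see which ones are bound to an address a scan of the external interface could reach. The table below is constructed sample data, the function names are hypothetical, and a little-endian host is assumed for decoding the hex addresses.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 0101A8C0:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0101A8C0:0016 0201A8C0:C001 01 00000000:00000000 00:00000000 00000000     0        0 1204
"""

TCP_LISTEN = 0x0A  # state code the kernel prints for a listening socket


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port)."""
    hex_ip, hex_port = field.split(":")
    # The address is printed in host byte order; little-endian is assumed here.
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listeners(table):
    """Return (ip, port) for every socket a local process is listening on."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue  # established or other non-listening sockets
        found.append(decode_addr(cols[1]))
    return sorted(found, key=lambda entry: entry[1])


def exposed_on(table, external_ip):
    """Ports a scan of external_ip reaches unless an input-chain rule denies them."""
    return [port for ip, port in listeners(table)
            if ip in ("0.0.0.0", external_ip)]


if __name__ == "__main__":
    for ip, port in listeners(SAMPLE):
        print(f"local listener on {ip}:{port}")
    # 203.0.113.5 is a documentation address standing in for the Internet side.
    print("reachable from outside:", exposed_on(SAMPLE, "203.0.113.5"))
```

On a live system the same functions can be fed the contents of `/proc/net/tcp`; a listener bound to `0.0.0.0` answers on every interface, which is why it shows up in an outside scan regardless of what the forward chain does.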


