Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
#1, 01-03-2006, 04:16 PM
Member (Registered: Sep 2004, Distribution: Slackware 10.2, Posts: 276)
possible to close all ports? can you still be hacked?
So there are 65k ports available, is it possible to close all of them to incoming connections? If all your ports are closed can a remote hacker still get in? Can closed ports be forced open and that is where a filtered port comes in?
#2, 01-03-2006, 04:20 PM
Member (Registered: Sep 2002, Posts: 310)
Code:
iptables -P INPUT DROP
#3, 01-03-2006, 04:26 PM
Moderator (Registered: Feb 2002, Location: Grenoble, Distribution: Debian, Posts: 9,696)
You can close all the ports. It means, in fact, shutting down all applications listening on them. Possible and doable. It does much to make an intruder's life harder, but it doesn't make a compromise impossible. You may be tricked into running a script or checking a page that results in malicious software being run on your machine, for example. Closing all ports helps, but you still need to be careful.
Closed ports can only be made open if an application (running on your machine) opens them. If you're in control of your programs, you may be quite sure they won't do such a thing.
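The post above says that "closing all ports" really means finding and shutting down the programs that listen on them. The script below is an added example, not code posted in this thread: it reads the kernel's own TCP socket table (`/proc/net/tcp`, the same data `netstat -tln` and `ss -tln` present) and lists every socket in LISTEN state with its port, the owning uid, and whether it is bound to loopback only (unreachable from outside) or to all addresses. The helper names `listening_ports` and `sample_listeners` and the embedded sample table are this example's own constructions; IPv6 listeners (`/proc/net/tcp6`) are not covered here.

```shell
#!/bin/sh
# Added example (not from the thread): audit which TCP ports this host is
# actually listening on, straight from the kernel socket table.
#
# /proc/net/tcp columns: sl, local_address, rem_address, st, tx:rx queues,
# tr:tm->when, retrnsmt, uid, timeout, inode, ...  Addresses and ports are
# hex, with IPv4 addresses in little-endian byte order; st == 0A is LISTEN.

# Print "port uid scope" for every listening socket in the given table
# (default: the live /proc/net/tcp). Pure POSIX awk: the hex conversion is
# done by hand because strtonum() is a gawk extension.
listening_ports() {
    awk '
    function hex2dec(h,   i, n) {
        n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(toupper(h), i, 1)) - 1
        return n
    }
    NR > 1 && $4 == "0A" {
        split($2, a, ":")          # local_address is "HEXADDR:HEXPORT"
        # 0100007F is 127.0.0.1 in little-endian; such a port is local-only.
        print hex2dec(a[2]), $8, (a[1] == "0100007F" ? "loopback" : "external")
    }' "${1:-/proc/net/tcp}"
}

# Constructed sample table (hypothetical): sshd on 22 bound to 0.0.0.0 as
# root, a printer daemon on 631 bound to 127.0.0.1 as uid 7, and one
# ESTABLISHED (st 01) outbound connection that must not be reported.
SAMPLE_TCP=$(cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     7        0 21890 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:A4F2 5DB8D822:01BB 01 00000000:00000000 02:000006F3 00000000  1000        0 25432 2 0000000000000000 20 4 30 10 -1
EOF
)

# Run the parser over the constructed sample so the logic can be checked
# without root or a live system.
sample_listeners() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_TCP" > "$tmp"
    listening_ports "$tmp"
    rm -f "$tmp"
}
```

Running `listening_ports` with no argument prints the live listeners; every "external" line is a program that would have to be stopped (or rebound to 127.0.0.1) before the host truly has no open ports, independent of any firewall rule in front of it.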
#4, 01-03-2006, 04:32 PM
Senior Member (Registered: Aug 2004, Location: Munich, Germany, Distribution: Opensuse 11.2, Posts: 1,549)
Quote:
So there are 65k ports available, is it possible to close all of them to incoming connections?
Yes, as GNUbie pointed out. If you don't like writing iptables commands directly, try something like Firestarter or Guarddog, which provide GUIs for setting up your firewall.
Quote:
If all your ports are closed can a remote hacker still get in?
Possibly. Security is a complex thing, with browser vulnerabilities and the like. However, closing all ports to outside connections is a massive help, and if you use the computer sensibly you're very unlikely to get hacked in Linux.
Quote:
Can closed ports be forced open and that is where a filtered port comes in?
Not really. If a firewall is set to not accept traffic on a port then it won't. What exactly do you mean by filtered? It can have different meanings when it comes to ports.
A firewall can either accept a packet on a port (i.e. it's not 'firewalled'), drop the packet and send no response, or drop the packet and send a response saying that the port is closed. For most home users, just dropping the packet and sending no response is fine, and is probably the default in programs like Firestarter and Guarddog.
#5, 01-03-2006, 06:26 PM
Member, Original Poster (Registered: Sep 2004, Distribution: Slackware 10.2, Posts: 276)
Quote:
Originally Posted by Mara
You can close all the ports. It means, in fact, shutting down all applications listening on them. Possible and doable. It does much to make an intruder's life harder, but it doesn't make a compromise impossible. You may be tricked into running a script or checking a page that results in malicious software being run on your machine, for example. Closing all ports helps, but you still need to be careful.
Closed ports can only be made open if an application (running on your machine) opens them. If you're in control of your programs, you may be quite sure they won't do such a thing.
Ah, yes, client software flaws could be an avenue of attack. Didn't think of that. Thanks for the help.
#6, 01-03-2006, 06:30 PM
Member, Original Poster (Registered: Sep 2004, Distribution: Slackware 10.2, Posts: 276)
Quote:
Originally Posted by tkedwards
What exactly do you mean by filtered?
Just going on with what a network mapper (e.g. nmap) reports: open, closed, or filtered.
Quote:
Originally Posted by tkedwards
drop the packet and send no response or drop the packet and send a response saying that the port is closed.
This would be the -j DROP and -j REJECT options in iptables, respectively. Correct? Does it just save bandwidth and time to not send a response back?
#7, 01-03-2006, 06:56 PM
Senior Member (Registered: Aug 2004, Location: Munich, Germany, Distribution: Opensuse 11.2, Posts: 1,549)
AFAICT:
Open in nmap is ACCEPT in iptables, i.e. a connection can be made.
Closed in nmap is REJECT in iptables, i.e. the incoming packet is dropped and a response packet saying so is sent back.
Filtered in nmap is DROP in iptables, i.e. the incoming packet is dropped without a response being sent back.
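The thread's answer to "close everything" is the one-liner `iptables -P INPUT DROP`, and the later posts explain the DROP (nmap "filtered") versus REJECT (nmap "closed") distinction. The script below is an added example, not code posted by anyone in this thread: it emits a complete ruleset in `iptables-restore` format that implements that default-deny policy while keeping the machine usable, and lets you pick silent dropping or explicit rejection for unsolicited packets. The function names `gen_rules`, `apply_rules` and `rule_count` and the `PROBE_REPLY` variable are this example's own conventions; the `conntrack` match and the `REJECT` target with `--reject-with` are standard iptables features.

```shell
#!/bin/sh
# Added example (not from the thread): a usable "all ports closed" ruleset.
#
# A bare "iptables -P INPUT DROP" also drops the replies to connections the
# machine itself opens (DNS answers, web pages, updates) and all loopback
# traffic, so this set accepts those two classes and drops everything else.
# With PROBE_REPLY=drop unsolicited packets vanish (nmap reports "filtered");
# with PROBE_REPLY=reject the host answers with a TCP RST or ICMP
# port-unreachable (nmap reports "closed"), which costs a reply packet per
# probe but makes a legitimate client fail fast instead of timing out.

PROBE_REPLY="${PROBE_REPLY:-drop}"   # "drop" (silent) or "reject" (answer)

# Print the ruleset; review it before applying. Lines starting with '#' are
# comments that iptables-restore ignores.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic on the loopback interface never leaves the machine; let it through.
-A INPUT -i lo -j ACCEPT
# Replies to connections this machine initiated (browsing, DNS, updates).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no known connection and are not valid new ones.
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    if [ "$PROBE_REPLY" = "reject" ]; then
        # Everything that reaches this point is unsolicited: answer explicitly.
        echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
        echo '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    fi
    # Otherwise the chain policy (DROP) silently discards the packet.
    echo 'COMMIT'
}

# Load the set atomically; needs root. Keep a console session open the
# first time in case you lock yourself out of a remote host.
apply_rules() {
    gen_rules | iptables-restore
}

# Number of explicit rules in the generated set (quick sanity check).
rule_count() {
    gen_rules | grep -c '^-A '
}
```

Note that this set has no rule accepting NEW inbound connections at all, which is exactly the "every port closed" state the original poster asked about; a host that must offer a service (sshd, for example) would add one `-A INPUT -p tcp --dport <port> -m conntrack --ctstate NEW -j ACCEPT` line before `COMMIT` for that port only.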