Linux - Security
I have just forwarded a port from my adsl modem/router to allow gnutella to work.
If my meagre understanding of ports is correct, only one program at a time can use any one port. Therefore, while my p2p client is connected, provided it has no security vulnerabilities, I am fairly safe from intrusion. Is this a reasonable assumption, or are there any precautions I should take to secure my PC?
Sort of. Only one process can listen on a port at one time. However, that process could potentially do pretty much anything when a connection comes in. It could pass it on to another process (e.g. inetd listens on port 23 and passes connections to telnetd, if running) or do something else with it.
Also, it isn't just that process which interacts with the data. To get to the point where the process gets the packet, it gets passed up the TCP/IP stack so a vulnerability in networking (e.g. a kernel bug) might still be exploitable.
Having said all that, you are basically right. If a process is listening on a port and the network stack is not exploitable, there is probably no way for an attacker to bypass that process when connecting on that port.
For added security I was considering writing a script whereby the port would normally be closed, but when I start the program it would open the port up. Then, when I closed the program, it would close the port again.
This should be fairly simple to implement by commenting or uncommenting rules in my firewall.
The problem here, though, is that I would have to turn the firewall off, do what's required and then restart it.
Of course, I will have to add some sort of alert in the event of the firewall not restarting.
What I would like to know is whether it would be possible to be compromised in the short time the firewall would be off. If so, the only way round it that I can think of is to disable eth0 first, do the firewall stuff, then re-enable eth0. Unless someone has a better idea...
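As an added example (not code from the thread or from any of its posters), here is a POSIX sh wrapper that does what the post above describes without taking the firewall down at all: it inserts an iptables accept rule for the client's port when the client starts and deletes that same rule when the client exits, so there is no window with the firewall off. It assumes an iptables-based firewall with a default-drop INPUT chain that already accepts ESTABLISHED,RELATED traffic, root privileges, and a client command `gtk-gnutella` listening on TCP 6346; the port, the client name and the rule layout are all assumptions to adjust.

```shell
#!/bin/sh
# Added example, not code from the thread: run a p2p client with its
# listening port opened in iptables only for the client's lifetime, so the
# firewall never has to be stopped and restarted as the post above proposes.
# Assumptions: an iptables firewall whose INPUT chain drops by default and
# already accepts ESTABLISHED,RELATED traffic; the client listens on TCP 6346
# (gnutella's default, adjust to the port you forwarded); root privileges.

PORT="${PORT:-6346}"
PROTO=tcp
CLIENT="${CLIENT:-gtk-gnutella}"   # hypothetical client command, override via env

# One rule specification shared by insert and delete, so the delete
# matches exactly the rule that was inserted.
rule_spec() {
    printf 'INPUT -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT' "$PROTO" "$1"
}

# Build the iptables command for "open" (insert at the top of INPUT, ahead
# of any drop rule) or "close" (delete that same rule). Returns 1 otherwise.
firewall_cmd() {
    case "$1" in
        open)  printf 'iptables -I %s' "$(rule_spec "$2")" ;;
        close) printf 'iptables -D %s' "$(rule_spec "$2")" ;;
        *)     return 1 ;;
    esac
}

open_port()  { eval "$(firewall_cmd open  "$1")"; }
close_port() { eval "$(firewall_cmd close "$1")"; }

run_client() {
    open_port "$PORT" || exit 1
    # Close the port on any exit path, including a client crash or Ctrl-C,
    # so the hole never outlives the client; INT/TERM are routed through
    # exit so the EXIT trap fires exactly once.
    trap 'close_port "$PORT"' EXIT
    trap 'exit 130' INT TERM
    "$CLIENT" "$@"
}

# Invoke as: ./p2p-wrap.sh run [client args...]
if [ "${1:-}" = run ]; then
    shift
    run_client "$@"
fi
```

Because the rule is inserted at the head of INPUT and deleted by the identical specification, the rest of the ruleset is never reloaded, which also removes the need for the "firewall did not restart" alert.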
A bit OT, but this post was interesting... learned something myself.
But something described in the above post sounds really cool; actually, I have that built into my router's firmware (wgr646 version 4, firmware version 4.04; it is called "port triggering").
I am using SuSE 9.0's firewall and it does just that. When I start my p2p client the port shows up in a port scan, but when I close the client it doesn't.
Saves me some work, anyway (although it would have been an interesting exercise!).
Can you give me step-by-step instructions on how to configure your router to accept gnutella access? I do not have a firewall issue with XP; I am wondering if this firewall is somehow in my DSL modem. I am trying to figure out how to do port forwarding or create a virtual server from my router. Will you please help out a girl that is green behind the ears?? Thanks
However, if you don't have the same router and/or distro as me, I won't be able to tell you what boxes to tick, or where to go to enter the required info.
As a start this is what needs to be done:
On your pc:
You will need a static IP address for your network card. It may as well be the one assigned to it by your router; when you make the changes, you know it's OK.
On your router:
You will need to enable port forwarding (or virtual circuits as Origo call it).
You will need to tell it what the static IP is and disable its DHCP server. Note this is the static IP you have given your network card, not one assigned by your ISP.
You will have to tell it what port to forward.
You must be using NAT (This may not be strictly true, but as I am using it I don't know how to do it any other way!).
If you run into difficulty, it would help immensely to know what your router is, what distro you are using, how your router is connected to your PC and what firewall you are using (if any).