LinuxQuestions.org
Old 08-10-2003, 03:06 PM   #1
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
These might be dumb questions but....


Does it matter if I start my firewall after I open my browser?
and...
Does turning off your DSL modem and router then turning them back on have any effect on security somehow?
Thanks
 
Old 08-10-2003, 07:32 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
>Does it matter if I start my firewall after I open my browser?

You should probably start your firewall before your network interface is brought up during the init process. I definitely wouldn't wait until I decided to surf the internet in order to activate my firewall. You have to remember that a properly configured firewall should be "protecting" any vulnerable services that you have running. Without it activated, they're wide open for anyone to try to access/abuse.

>Does turning off your DSL modem and router then turning them back on have any effect on security somehow?

Depends. If you have a dynamic IP address, simply restarting your DSL modem will force it to re-connect to your ISP and more than likely it will grab a different IP address. So joe script kiddie who just scanned your box and found out that you have a vulnerable version of Apache will now be screwed because you no longer have that address. However, if you have a static IP address, obviously rebooting the modem/router won't have that effect. Realistically though, unless you're going to reboot your modem throughout the day, it really doesn't help all that much. It can help you to avoid things like ARP cache poisoning and other network high-jinks, but unless someone really doesn't like you, there isn't much of a point for them to go through the effort of doing that to some random DSL network. That's my $.02 anyway.
 
Old 08-10-2003, 07:52 PM   #3
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Original Poster
Rep: Reputation: 46
Huh? I am using Firestarter and on another post I was told that there's no way to start Firestarter without entering my root password, and by that point my internet connection has already been made a minute earlier. I also have privoxy running but I'm not sure what that's doing. I just installed it and it seems to start up early on in the init process. Is there a firewall that I can use that starts up on its own? Thanks
 
Old 08-10-2003, 07:59 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Firestarter is just a user-friendly front-end for iptables. So although firestarter doesn't start until you load it, firestarter has previously (when you configured it) written your ruleset to the iptables file. Iptables loads those rules during the init process, IIRC before the network interfaces are brought online. So your firewall is up and running before you can even log in. If you want to check, just run a portscan before and after you turn on firestarter. The results should be the same.
 
Old 08-10-2003, 08:09 PM   #5
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Original Poster
Rep: Reputation: 46
OOHhhhhhh... that makes sense now. Thanks
 
Old 08-10-2003, 08:18 PM   #6
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Original Poster
Rep: Reputation: 46
What do I use for the port scan and what am I looking for? Thanks
 
Old 08-10-2003, 08:31 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
If you just want to check if there is a difference before and after you start firestarter, use nmap. Under normal circumstances, using nmap to check the integrity of your firewall isn't really wise, because you're scanning yourself and it won't give the same results as if you scanned from another computer (theoretically). A better way to do it would be to go to one of those "test your firewall" websites and let them scan your system from the outside. But again if you just want to see if there is a difference, you can probably just use nmap. What you'll be looking for (and hopefully seeing), is that the scans will have the same results before and after you turn on firestarter.
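
The before/after comparison suggested in this thread, as an added example that is not part of the original posts: it extracts the open ports from two nmap greppable (`-oG`) reports and prints any difference. The function names, file names and the sample reports are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the open ports in two nmap greppable (-oG) reports,
# e.g. taken against your own machine before and after starting Firestarter:
#   nmap -oG before.gnmap <your-address>   # file names are assumptions
#   nmap -oG after.gnmap  <your-address>
LC_ALL=C; export LC_ALL

# open_ports FILE: print "port/proto" for each port reported open, sorted.
open_ports() {
    awk -F'\t' '{
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), entry, /, */)
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") print f[1] "/" f[3]
            }
        }
    }' "$1" | sort -u
}

# port_diff FIRST SECOND: print "-port" for ports open only in FIRST and
# "+port" for ports open only in SECOND; prints nothing when the scans agree.
port_diff() {
    pd_b=$(mktemp) || return 2
    pd_a=$(mktemp) || { rm -f "$pd_b"; return 2; }
    open_ports "$1" > "$pd_b"
    open_ports "$2" > "$pd_a"
    comm -23 "$pd_b" "$pd_a" | sed 's/^/-/'
    comm -13 "$pd_b" "$pd_a" | sed 's/^/+/'
    rm -f "$pd_b" "$pd_a"
}

# Constructed sample reports (not real scan output from the thread).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 631/filtered/tcp//ipp///, 8118/open/tcp//privoxy///\tIgnored State: closed (997)\n' > "$demo/before.gnmap"
cp "$demo/before.gnmap" "$demo/after.gnmap"
# A report as it might look if the saved rules had not been loaded at boot.
printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 631/open/tcp//ipp///, 8118/open/tcp//privoxy///\tIgnored State: closed (997)\n' > "$demo/norules.gnmap"

same=$(port_diff "$demo/before.gnmap" "$demo/after.gnmap")
changed=$(port_diff "$demo/norules.gnmap" "$demo/after.gnmap")
if [ -z "$same" ]; then echo "before/after: identical open ports"; fi
echo "norules vs after: $changed"
```

Empty output from `port_diff` is the result the thread describes: the rules loaded at boot already match what Firestarter shows once it is started.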
 
  

