Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Also: port-numbers greater than 1024 can be opened by any program, without requiring special privileges. Many programs do establish outbound connections using randomly-chosen port numbers. Also, many services "rendezvous" using a known (privileged) port-number, but only use this connection to establish the particulars for a subsequent conversation which takes place through a non-privileged, randomly chosen port. The connection remains until the parties are finished talking, then it is torn down. There can be a lot more of this activity than you might think, and a lot more "churn" than you might expect.
Basically, you should find that all of the connections which you see are "plausible." It should make sense to you that the program in question exists, and that it would be talking to that particular party, and that it should be transferring such an amount of traffic. In the case of low port-numbers, less than 1024, you should be able to account for each and every one, and you should not have any of these ports open "gratuitously."
If you need to have persistent connections to another computer, then I happen to be a big fan of VPN. Set up certificates (not PSKs = passwords!) on both ends so that each system can uniquely recognize the other(s), and shovel your traffic through that tunnel. Most routers have a hardware implementation of it. To authorized users, VPN is invisible. To everyone else, it's a steel door tightly shut. With a hardware implementation there is no delay in speed.
Last edited by sundialsvcs; 06-20-2014 at 09:11 AM.
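One way to carry out the low-port check described in the post above, as an added example that is not part of the original post: it parses `ss -H -tulpn` output and reports every listener below port 1024 that is not on an allowlist. The sample output and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tulpn` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0 128  0.0.0.0:22        0.0.0.0:*  users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 128  [::]:22           [::]:*     users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0 100  127.0.0.1:25      0.0.0.0:*  users:(("master",pid=1040,fd=13))
tcp   LISTEN 0 5    0.0.0.0:23        0.0.0.0:*  users:(("inetd",pid=977,fd=5))
udp   UNCONN 0 0    127.0.0.53%lo:53  0.0.0.0:*  users:(("systemd-resolve",pid=501,fd=12))
tcp   LISTEN 0 128  0.0.0.0:8080      0.0.0.0:*  users:(("python3",pid=2210,fd=3))
udp   UNCONN 0 0    0.0.0.0:111       0.0.0.0:*
"""

# Hypothetical allowlist: the low-port listeners this host is expected to have.
EXPECTED = {("tcp", 22): "sshd", ("tcp", 25): "master", ("udp", 53): "systemd-resolve"}
PROC_RE = re.compile(r'\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Yield (proto, port, local_addr, process) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # handles [::]:22 and 127.0.0.53%lo:53
        if not port.isdigit():
            continue
        m = PROC_RE.search(" ".join(fields[6:]))
        # ss leaves the process column empty when it lacks privilege to see the owner
        yield proto, int(port), addr, (m.group(1) if m else None)

def unaccounted_low_ports(ss_output, expected):
    """Return listeners below 1024 that are unlisted, mismatched, or ownerless."""
    findings = []
    for proto, port, addr, proc in parse_listeners(ss_output):
        if port >= 1024:
            continue
        if proc is None or expected.get((proto, port)) != proc:
            findings.append((proto, port, addr, proc))
    return findings

if __name__ == "__main__":
    for proto, port, addr, proc in unaccounted_low_ports(SAMPLE_SS, EXPECTED):
        print(f"unaccounted: {proto}/{port} on {addr} owned by {proc or 'unknown'}")
```

On a real host, feed it the output of `ss -H -tulpn` run as root so the owning process is visible for every socket.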