Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I'm quite a newbie with security-related things on Linux, and just learning these... so I guess somebody has a simple answer to this question (hopefully) which is related to a firewall based on iptables...
First of all, net-based tests (like the one at grc.com) show my ports as "stealth", but of course when I did a quick scan with nmap, it revealed my ports were all closed - except for one: port number 6000 (tcp), used by X11, was open. How's this possible? I've tried a few times to get all the ports closed, but no - number 6000 isn't that easy, it just stays open no matter what I do.
So is there a way to get this damn port closed, or at least look like it? And why the heck is it open? Does X11 truly need an open port to work? Can't be...because if it is, then my X is going for a long walk with no return.
I also found that (at least in my opinion) grc-type tests are quite easy to pass, but is there a way to get protected from scans like nmap? Was there or not, please tell me how I'll get my X11's open port closed.....
(please keep in mind I haven't played long with all these fwall, iptables, netfilters nor other related stuff...basically just read something about them and tried out for a small amount of time)
No, X does not need the port to work. Read the manual page for how to disable listening on TCP. Second thing, are you using nmap from your system? If so, you will see ports that are open _locally_ -- they may not be accessible from the Internet (I once made this mistake when I first dealt with firewalling, I thought all my rules were failing).
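Added example, not part of the original posts: a local check that complements the point above by showing which address each listening TCP socket is bound to, so a loopback-only listener is not mistaken for an Internet-facing one. The function names `classify_listeners` and `sample_ss_output` are hypothetical, the sample `ss -ltn` output is constructed, and the 6000-6063 range used for the X11 tag is the conventional display-port range (6000 plus the display number).

```shell
#!/bin/sh
# Classify listening TCP sockets from `ss -ltn` output read on stdin.
# Output per socket: "<scope> <port> <address>[ x11]"
#   loopback = bound to 127.0.0.0/8 or ::1, reachable only from this host
#   exposed  = bound to a wildcard or other address; the packet filter
#              decides whether a remote host can actually reach it
classify_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4
            # The port follows the last colon (IPv6 addresses contain colons).
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
            sub(/%.*/, "", addr)                         # strip "%iface" suffix
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
            # Assumption: 6000-6063 is treated as the X11 display range.
            tag = (port + 0 >= 6000 && port + 0 <= 6063) ? " x11" : ""
            print scope, port, addr tag
        }'
}

# Constructed sample of `ss -ltn` output (not taken from the thread).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:6000        0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::1]:631           [::]:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# Demonstration on the constructed sample.
sample_ss_output | classify_listeners
```

On a live host, pipe `ss -ltn` into `classify_listeners` instead of the sample. A socket reported as exposed still has to be probed from another machine to see whether the iptables rules block it.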
ok thanks.. and yes, I did run nmap from my own machine. I guess I'll have to ask a friend to run it
btw. I read an article (somewhere on the web...couldn't find it today anymore when I remembered it.. :/ ) about how to "cheat" the nmap's OS guessing. I can't remember how it exactly went, but it had something to do with netfilter...any clues on how it might go? the basic idea was (I think) to get, with the aid of netfilter-kernel module, the system look to a scanner like some other system than it really is....?
Originally posted by b0uncer: "the basic idea was (I think) to get, with the aid of netfilter-kernel module, the system look to a scanner like some other system than it really is....?"
This is not really worth it. If you have external services running it is usually trivial to make one of them expose data about the system. If you do not have external services running, then your dropping everything from nmap does not give it too many clues =). In general, you would be better spending your time reading about how to lock down the firewall rules and looking into general system security.