LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-10-2015, 09:15 AM   #16
bassmadrigal
Senior Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 4,301

Rep: Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278

Quote:
Originally Posted by fr2632 View Post
Even if the OP scanned his own conf, would you explain to me how can somebody can break in without knowing his WAN IP ? Its like I give you my house keys but you have to figured out in which part of the world I live, and that would be impossible.
I'm not sure why you felt it necessary to ask this on a thread that's almost 2 years old, but it doesn't matter if the WAN IP isn't known. Lots of people scan lots of IPs for open ports. If someone finds port 623 open on an IP, then they could look at finding a way to exploit it.

With your house analogy, imagine that the person who has your keys can check 1000s of houses a minute, exponentially more if they have a botnet (make copies of keys and lets others check 1000s of houses a minute).

With computers, with a limited number of IPs, nothing is impossible. It just takes time. I get ssh attempts on my IP all the time, and I don't have my IP posted publically, and I don't have my dynamic DNS name posted publically either. My public sites are hosted on a separate network and my dynamic DNS is only for me to access my local network. So there is no way a hacker found my machine from me posting it somewhere publically. They scanned a bunch of IPs and found a port open on my computer and then attempt to exploit that. Luckily, since I have root access disabled from ssh, they'd have to guess my username and password. It still isn't the most secure since I can change the port or disable passwords, but it is a choice I make knowingly.

If you don't think that a hacker can find you without you posting your public IP, you are sadly mistaken.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 07-10-2015, 09:41 AM   #17
fr2632
LQ Newbie
 
Registered: Jan 2013
Posts: 11

Rep: Reputation: Disabled
Quote:
Originally Posted by bassmadrigal View Post
I'm not sure why you felt it necessary to ask this on a thread that's almost 2 years old, but it doesn't matter if the WAN IP isn't known. Lots of people scan lots of IPs for open ports. If someone finds port 623 open on an IP, then they could look at finding a way to exploit it.

With your house analogy, imagine that the person who has your keys can check 1000s of houses a minute, exponentially more if they have a botnet (make copies of keys and lets others check 1000s of houses a minute).

With computers, with a limited number of IPs, nothing is impossible. It just takes time. I get ssh attempts on my IP all the time, and I don't have my IP posted publically, and I don't have my dynamic DNS name posted publically either. My public sites are hosted on a separate network and my dynamic DNS is only for me to access my local network. So there is no way a hacker found my machine from me posting it somewhere publically. They scanned a bunch of IPs and found a port open on my computer and then attempt to exploit that. Luckily, since I have root access disabled from ssh, they'd have to guess my username and password. It still isn't the most secure since I can change the port or disable passwords, but it is a choice I make knowingly.

If you don't think that a hacker can find you without you posting your public IP, you are sadly mistaken.
Exactly! so whats the deal with sharing your ports and internal IPs ? If you have a good setup like indeed deny root access in your ssh conf and a good configured firewall there is nothing to worry about. I also own a server open to the public and I constantly see in the auth.log bots trying to access random ports with root as user, I perfectly know.
 
Old 07-10-2015, 10:15 AM   #18
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2 on Lenovo Thinkpad W520
Posts: 7,703

Rep: Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620Reputation: 2620
Quote:
Originally Posted by fr2632 View Post
Exactly! so whats the deal with sharing your ports and internal IPs ? If you have a good setup like indeed deny root access in your ssh conf and a good configured firewall there is nothing to worry about. I also own a server open to the public and I constantly see in the auth.log bots trying to access random ports with root as user, I perfectly know.
This post as well as your previous one is irrelevant as this thread is certainly viewed by many people not aware of the means to secure their connections. These people could think from what you first wrote that keeping ports open don't put their system at risk, even if they didn't take any safety measure. You are giving this audience a disservice.

Furthermore there was no point quoting a post more than three years old.

Last edited by Didier Spaier; 07-10-2015 at 10:17 AM.
 
Old 07-10-2015, 11:54 AM   #19
bassmadrigal
Senior Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 4,301

Rep: Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278Reputation: 2278
Quote:
Originally Posted by fr2632 View Post
Exactly! so whats the deal with sharing your ports and internal IPs ? If you have a good setup like indeed deny root access in your ssh conf and a good configured firewall there is nothing to worry about. I also own a server open to the public and I constantly see in the auth.log bots trying to access random ports with root as user, I perfectly know.
The point of the post you originally quoted is it is a bad idea for manufacturers to just leave ports like this open without somehow notifying customers and you responded basically saying, "Who cares, since you don't have the WAN IP?" That is what prompted my response, because it shouldn't matter if you have the WAN IP or not. Manufacturers should do their best to ensure an item is relatively secure when first started, which as this topic showed, wasn't the case here.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
port 25 filtered despite firewall having port 25 open ille.pugil42 Linux - Security 8 03-09-2007 12:51 AM
best port scanner To scan open port in a network tanveer Linux - Security 8 01-21-2007 08:19 PM
cannot SFTP to SUSE 9.2 box, port 22 open, can putty in though using same port. jgrady Linux - Networking 6 03-29-2005 08:44 AM
modem adsl zxyel p-623 me, driver? william777 Linux - Hardware 0 01-19-2005 10:21 AM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration