James G. Sack (jim) wrote:
96.998% Ralph Shumaker wrote:
No, it was 100% of me that wrote it!
James G. Sack (jim) wrote:
[snip]
Yes, not too many moons ago, I had a lot of activity on my DSL for no
good reason. Eventually in the thread, someone mentioned sshd (possibly
among other things). I discovered that I had it running (IIRC), and
shut it down. Instantly, the Chinese IP address ceased its traffic on
my eth0.
But I have forgotten how to check for those things to see if they are
running. Services maybe? I don't even see ftp in the services
listing...
The services config tool (system-config-services in redhat, also avail
from the System > Administration > Server Settings > Services [eg, on my
F7]) is a pretty decent gui tool, but I always like to look at the
output of
netstat -lnt
netstat -lnu
to see what ports are in "listen mode" (open to connection) on what
interfaces. The 127.0.0.1 listeners are not accessible outside your own
machine, but the things showing your LAN ip address or "0.0.0.0" (any
ipv4) or ":::" (any ipv6) are open to connection from other computers on
your network. Sometimes it's useful to leave off the -n (numeric) part
of those commands to see interface and port names. If you run those
commands via sudo, try adding the -p option as well, and that tells you
the program doing the listening on those open ports.
Well, ignoring 127.0.0.1, this is what I get:
# netstat -lnpt
Active Internet connections (only servers)
Proto Local Address Foreign Address State PID/Program name
tcp 0.0.0.0:42944 0.0.0.0:* LISTEN 2156/rpc.statd
tcp 0.0.0.0:111 0.0.0.0:* LISTEN 2135/rpcbind
# netstat -lnpu
Active Internet connections (only servers)
Proto Local Address Foreign Address State PID/Program name
udp 0.0.0.0:659 0.0.0.0:* 2156/rpc.statd
udp 0.0.0.0:43032 0.0.0.0:* 2156/rpc.statd
udp 0.0.0.0:68 0.0.0.0:* 18262/dhclient
udp 0.0.0.0:614 0.0.0.0:* 2135/rpcbind
udp 0.0.0.0:53351 0.0.0.0:* 2536/avahi-daemon:
udp 0.0.0.0:5353 0.0.0.0:* 2536/avahi-daemon:
udp 0.0.0.0:111 0.0.0.0:* 2135/rpcbind
udp 0.0.0.0:631 0.0.0.0:* 2563/cupsd
udp W.X.Y.Z:123 0.0.0.0:* 15355/ntpd
udp 0.0.0.0:123 0.0.0.0:* 15355/ntpd
udp W::X:Y:Z:123 :::* 15355/ntpd
udp ::1:123 :::* 15355/ntpd
udp :::123 :::* 15355/ntpd
Columns "Recv-Q" and "Send-Q" for each of the above items are 0.
(Whatever those are.)
One item is showing W.X.Y.Z as my IPv4 address, and another, W::X:Y:Z as
my IPv6 address. Since this info is going to a public list, I figured it
would be better to obscure them. If they are needed for some reason,
please let me know.
I understand why ntpd would be there, tho I don't understand why it is
there so frequently. Five lines?
Why would cupsd be there? I don't think it needs interweb access.
If, as most people these days, you are connected to the internet through
a separate residential gateway box, then you only have to worry about
connection from other machines on your household net -- and about any
port-forwarded connections you might have set up in your gateway box.
If you connect directly to the internet, or via a cable modem or other
device that does not have a built-in firewall, then you would have to
worry about access from the whole internet. I see from your email header
that your ISP is probably dslextreme, so I presume you have a DSL modem
-- it probably has a built-in firewall, but you might log in to its
administrative interface and make sure you don't have any unexpected
port forwarding allowed.
dslextreme, yes. I don't remember if it has firewall built-in. It says
DSL-2320B on the front of it. dlink.com says its firewalling is:
• MAC Filtering
• Packet Filtering
• Stateful Packet Inspection (SPI)
• User Authentication PAP
• User Authentication CHAP
My PC is the only one connected to it, and I have no wireless AP.
*I* didn't set up any port-forwarding in the DSL box. At least I don't
think I did. I don't think I would have unless I knew that I needed it,
which leads me to believe that I did _not_ do so.
I don't remember at the moment where I put my DSL modem booklet. So I
don't know how to log in and check for unexpected port forwarding.
A lot of people have NO other machines on a household network which sits
behind a protective gateway, so worrying about services, and open ports
is mostly an academic exercise. OTOH, if we're talking about a laptop
(which you use outside your home network), then I would recommend
assuming that the security configured within the laptop is your only
reliable friend.
If you have other machines in your home network, it is worth asking not
only do you trust those machines (their users), but do you trust them to
be safely configured and operated (hint: it's probably wise to not trust
any Windows machine).
Agreed. But I have none of the concerns you mention here.
[snip]
And BTW, what do you want to allow your user to do, anyway? It did sound
like you trusted him/her implicitly, but didn't trust remote access
security mechanisms, or maybe didn't trust your users' ability to do
remote access securely?
I would like him to be able to do lots of things, preferably everything
that "su -" lets him do. Would that be a bad thing?
rafael is me, so yes, I trust him implicitly (on most days anyway).
Heh, that's indeed what the sudoers file is supposed to make convenient.
If you are the administrator, then you have to be able to administer, eh?
That sounds like a sideways endorsement of:
rafael ALL=(ALL) ALL
It's like you said just prior: I don't trust remote access security
mechanisms because I don't _need_ to trust them. I never do remote
access. I wish to set up remote access for myself to my friend's
computer, but that is another thread.
And finally, yes, you are correct. I don't trust rafael's ability to do
remote access securely since he has never done it. If I'm going to
learn that, I would prefer it be in an environment like an installfest.
That's a great idea!
Thanks. It seems practical. But I don't look forward to lugging my PC
and monitor (and peripherals), disconnecting and reconnecting cables. Oh
well, it wouldn't be the first time.
--
Ralph
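Added example, not from anyone in this thread: a small Python script that does by hand what jim describes above (read the output of netstat -lnpt / netstat -lnpu and decide which listeners are loopback-only, which are bound to 0.0.0.0 or ::: and so open to the network, and which are bound to one interface address). The sample listing embedded in it is constructed from Ralph's listing: the obscured W.X.Y.Z and W::X:Y:Z are replaced with documentation addresses (192.0.2.10 and 2001:db8::10), a loopback cupsd line is added for contrast, and the last line shows the "-" that netstat prints in the PID/Program name column for sockets it is not allowed to inspect when you run it without sudo.

```python
"""Sort netstat -l listeners by who can reach them (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed sample modelled on the listing in the thread. Placeholder
# addresses 192.0.2.10 / 2001:db8::10 stand in for the obscured ones; the
# loopback cupsd line and the trailing "-" line (netstat run without root)
# are added to show the other cases the parser has to handle.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:42944           0.0.0.0:*               LISTEN      2156/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2135/rpcbind
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2563/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           18262/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2536/avahi-daemon:
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2563/cupsd
udp        0      0 192.0.2.10:123          0.0.0.0:*                           15355/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           15355/ntpd
udp        0      0 2001:db8::10:123        :::*                                15355/ntpd
udp        0      0 ::1:123                 :::*                                15355/ntpd
udp        0      0 :::123                  :::*                                15355/ntpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           -
"""


@dataclass
class Listener:
    proto: str
    address: str
    port: int
    scope: str      # loopback | any-ipv4 | any-ipv6 | interface
    program: str    # "pid/name", "-" if hidden without root, "?" if no -p


def classify(address: str) -> str:
    """Map a bind address to the audience that can connect to it."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"             # only this machine (127.0.0.1, ::1)
    if ip.is_unspecified:             # 0.0.0.0 or :: -> every interface
        return "any-ipv4" if ip.version == 4 else "any-ipv6"
    return "interface"                # one real address, e.g. the LAN NIC


def parse_listeners(text: str) -> list:
    """Turn netstat -l output (tcp or udp, with or without -p) into Listeners."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue                  # skip the two header lines / blanks
        # Local Address is always the 4th column. The last column is the
        # program only when -p was given: tcp rows otherwise end in LISTEN,
        # udp rows in the foreign address, since udp has no State column.
        address, port = fields[3].rsplit(":", 1)
        last = fields[-1]
        program = last if ("/" in last or last == "-") else "?"
        listeners.append(Listener(fields[0], address, int(port),
                                  classify(address), program))
    return listeners


def reachable_from_network(listeners: list) -> list:
    """Everything that is not loopback: what other hosts could connect to."""
    return [l for l in listeners if l.scope != "loopback"]


def unattributed(listeners: list) -> list:
    """Listeners whose owner netstat could not show: rerun with sudo and -p."""
    return [l for l in listeners if l.program in ("-", "?")]


def report(text: str) -> dict:
    """Group 'proto/port program' strings by scope for a quick read."""
    out = {}
    for l in parse_listeners(text):
        out.setdefault(l.scope, []).append(f"{l.proto}/{l.port} {l.program}")
    return out


if __name__ == "__main__":
    for scope, items in report(SAMPLE).items():
        print(scope)
        for item in items:
            print("   ", item)
```

Pipe real output into it with `sudo netstat -lnpt | python3 listeners.py` after swapping SAMPLE for sys.stdin.read(); the ones to look at are in the any-ipv4, any-ipv6 and interface groups, and any entry marked "-" means you need sudo to learn which program owns it.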
--------------------
Mark Twain once observed that people who spell words the same way all
the time are like people who wear the same clothes every day.
--quoted from http://prorev.com/quotes5.htm
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list