Hi,

Thanks for your answers, but I have to say you've got me confused.  Damien
says that firestarter will report connection attempts (exactly what I
need) whereas Rob says that firestarter is a firewall and does not
"monitor ports".  Since I only use dial-up for my computer and I never use
it as a server, I really need something simple.  What happened to me was
that I was on an IRC when somebody obviously took my IP and attempted an
ftp access; he/she also tried to access swat on port 901.  What I am
looking for is not something which needs to work on its own, but only
something which would warn me 'ftp access attempt on port 21' or 'swat
access attempt on port 901' and offer to authorize it or not (this is what
ZoneAlarm did on my old MS box).  Alternatively, how can I best
(remember - I am a total newbie at all this) block all my ports (except
http to browse) and open them only when I need them (in my case
probably only ftp from time to time).

Sorry for the primitive question...

And thanks,

Andrei



>>> Have you tried firestarter? It's quite simpler than
>>> ZoneAlarm  --it only has two tabs, one which reports
>>> connection attempts and blocked packets, and the other
>>> inside of which you can create rules for your firewall
>>>
>>> http://firestarter.sf.net
>
> Ok, this is what initially got me into Linux....firewalling and
> security. I am not saying I am the shit.  God knows that I am not.  I am
> just saying this is a HUGE field that you actually got to do the
> research yourself b/c there are so many capabilities of apps out there.
>
> Also, I am not stating that Damien is incorrect in his information.
>
> Firestarter is not a port "monitor".  It is a front end to IPTables.
> IPTables is a firewall.  If you're wanting a port monitor look into Snort
> or other IDS (intrusion detection system).  Snort is the best IDS out
> there, with options of a firewall.  If you're wanting a firewall then go
> with IPtables.  If you go with IPTables and you want a GUI configurator
> then go with Firestarter.
>
> The difference being:
> firewall: you set up to block/allow certain packets going in/out of
> certain ports.  For instance, if you have a web server but not an ftp
> server, you allow port 80 and block port 21.
> IDS: you look at each packet and see if the insides look like an attack
> that is defined by your ruleset.  For instance, if you have an ftp
> server you obviously allow port 21 BUT you look at each packet and see
> if it contains malformed packets that would possibly look like a DDoS or
> something else where the intruder is trying to actually attack the ftp
> server to grab your /etc/passwd file.  That's more or less security of
> the FTP server BUT it can be configured in your IDS rules.
>
> Just remember that a "port monitor" and a firewall are totally
> different. IPTables and Snort can actually do monitoring and firewalling
> BUT IPTables is made for firewalling and Snort is made for IDS.
>
> If you're wanting "port monitor" then Snort would be it.
> http://www.snort.org for cabled networks
> http://airsnort.shmoo.com for wifi
>
> For IP Tables and firewall
> http://www.netfilter.org
>
> Rob



Linux-Mandrake 9 (Dolphin)
Mandrake Club Silver Member
Registered Linux user: 226850
Registered Linux computer: 183163
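
An added example, not part of the original messages: an iptables ruleset that drops all unsolicited inbound connections while logging each attempt, plus a small log summarizer that reports attempts in the "ftp access attempt on port 21" form asked for above. The log prefix, the rate limit and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Log prefix, rate limit and the sample
# addresses (documentation ranges) are assumptions made for illustration.

# iptables-restore ruleset: drop all unsolicited inbound traffic, allow
# everything outbound (browsing, passive-mode FTP as a client), and log
# blocked TCP connection attempts. Load as root: firewall_rules | iptables-restore
firewall_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --syn -m limit --limit 6/min -j LOG --log-prefix "inbound blocked: "
COMMIT
EOF
}

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
Mar  3 21:14:07 box kernel: inbound blocked: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=40222 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 21:14:10 box kernel: inbound blocked: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=40222 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 21:15:31 box kernel: inbound blocked: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=911 DF PROTO=TCP SPT=51010 DPT=901 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 21:16:02 box kernel: ppp0: unrelated message
EOF
}

# Read kernel log lines on stdin; print one line per (port, source) pair.
summarize_attempts() {
  awk '/inbound blocked: / {
    src = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/) src = substr($i, 5)
      if ($i ~ /^DPT=/) dpt = substr($i, 5)
    }
    if (dpt == "") next    # no destination port in this entry
    name = "port"
    if (dpt == "21") name = "ftp"
    else if (dpt == "901") name = "swat"
    count[name " access attempt on port " dpt " from " src]++
  }
  END { for (k in count) print count[k] "x " k }' | sort
}

sample_log | summarize_attempts
```

Because the LOG rule is rate-limited, the counts are a lower bound during a burst of attempts.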


