Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
Just to add some more thought to this post. A lot of routers come with uPnPhttp://en.wikipedia.org/wiki/Universal_Plug_and_Playcapability enabled. There have been some cases of the router itself having a uPnP vulnerability. I just picked thishttp://www.haveyougotwoods.com/archive/2008/01/15/common-home-router-exploit-upnp-enabled-routers-only.aspxlink of a google search for example. There was a BT Home Hub backdoor that was doing the rounds once a while ago here http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub/ Personally I turn off uPnP unless its needed, some applications and gaming consoles will use it I think. Id be interested to hear if anyone knows if reported backdoors on sky netgear routers? Mark -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/2010 11:47, John Matthews wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? John. In the past, I've used the Shields Up Scanner at www.grc.com/into.htm to test for open ports, how accurate it I couldn't say though. Dave -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23 April 2010 11:47, John Matthews jake...@sky.com wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? nmap can do this. http://nmap.org/bennieston-tutorial/ Cheers, Al. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 11:47, John Matthews wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. If you think about it, a great deal of the world's business and network infrastructure runs on Unix and Linux systems. There are fundamental differences between these platforms and Windows which make writing viruses hard and make virus proliferation *very* hard to do. Obviously we can never say never, but to get a virus to propagate on Unix based systems really requires them to be just badly set up or for you to be running as root. For the uber-paranoid, one way to virtually emilinate the risk of virus propagation is to have 2 accounts on your system and only ever use the one with non-admin rights to surf and retrieve emails etc. This way, even if you are tricked into running something that needs sudo, you won't be able to run it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? http://lmgtfy.com/?q=open+port+checker Top search result. Al -- The Open Learning Centre http://www.theopenlearningcentre.com -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On Fri, 2010-04-23 at 11:51 +0100, Alan Pope wrote: On 23 April 2010 11:47, John Matthews jake...@sky.com wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? nmap can do this. http://nmap.org/bennieston-tutorial/ netstat -l is another option that will give you an initial idea of what's open and listening. Bruno -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 11:47, John Matthews wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? John. There is Shield's Up from the Gibson Research Corporation... https://www.grc.com/x/ne.dll?bh0bkyd2 What it does is check against your internet side IP address (the IP address that your ISP will give you) and it will scan for open ports (basically whatever your router might be forwarding to your internal PC IP addresss). Rob -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 11:51, Alan Pope wrote: On 23 April 2010 11:47, John Matthewsjake...@sky.com wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? nmap can do this. http://nmap.org/bennieston-tutorial/ Cheers, Al. Thanks everybody, I appreciate the help. I will try see if I can understand it now. @Alan Lord..that is very clever I'm impressedalso very patronisingand you wonder why it is I react the way I do on here and IRC ubuntu-uk. I want to say more. If I understood how it worked, I wouldnt have needed to ask. The way I see it, you didnt have to talk, just do what Alan Pope did, just give some urls, that didnt hurt. Or better still, say nothing. Because it didnt help, apart from the wind me up even more. If it means anything, I did a google search, prior to e-mailing, and couldnt work out if they were talking about Linux or Windows, or what they would work on. In that search it didnt seem to mention Linux at all, so I dont know if it will work on Linux or not, hence the question. @Alan LordIn that search you just performed for me, it mentions nothing about Linux, so how do I know if it will work. John -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 12:22, Bruno Girin wrote: On Fri, 2010-04-23 at 11:51 +0100, Alan Pope wrote: On 23 April 2010 11:47, John Matthewsjake...@sky.com wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? nmap can do this. http://nmap.org/bennieston-tutorial/ netstat -l is another option that will give you an initial idea of what's open and listening. Bruno @Bruno..thank you for that.Now that is interesting, I just entered that into the Terminal, it seems that there is line upon line of listening, but nothing saying open. What does it all mean? John -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 12:44, John Matthews wrote: @Alan Lord..that is very clever I'm impressedalso very patronisingand you wonder why it is I react the way I do on here and IRC ubuntu-uk. I want to say more. If I understood how it worked, I wouldnt have needed to ask. The way I see it, you didnt have to talk, just do what Alan Pope did, just give some urls, that didnt hurt. Or better still, say nothing. Because it didnt help, apart from the wind me up even more. Sorry. No offence intended. LMGTFY is used frequently and I don't take offence when it is offered to me. If it means anything, I did a google search, prior to e-mailing, and couldnt work out if they were talking about Linux or Windows, or what they would work on. In that search it didnt seem to mention Linux at all, so I dont know if it will work on Linux or not, hence the question. Initially, what should be of interest is actually what ports are open to the outside world via your router. It doesn't really matter if the machines are Windows or not to start with. Find out what ports are accessible from the Internet and then work out if they need to be open or not on the router. Unless you are hosting a web site, ssh access or a mail server there aren't many other reasons why your router should expose any open ports at all. Most DSL routers perform a function called NAT (Network Address Translation) so that the single IP address that is on the Internet side can be mapped to multiple individual IP addresses on the private side. As a direct consequence of this, you have to explicitly configure port forwarding from the Internet to a specific machine on your network for a specific port, or as has been discussed before, a DMZ (De-Militarised Zone) to which all unknown incoming traffic is directed. Once you have the router setup correctly, you can then use tools like nmap from your Ubuntu pc to show you what ports are open on *every* machine on your local network. You can then decide if they need to be open or not on a case-by-case basis. @Alan LordIn that search you just performed for me, it mentions nothing about Linux, so how do I know if it will work. See above. These web based sites will tell you what ports are open to the Internet. For example using any of those tools on my IP address (the one I have on the Internet Side of my router) would show you I only have 3 ports open: 22 (ssh) 80 (web) and 8080 (Another web service). On my router each of those ports are forwarded to specific machines and ports on my network. I also have a couple of ports configured on the router's firewall to only allow traffic from a known destination IP and Port to connect to a specific host/port on my LAN. A port scanner will not pick these up of course. HTH Al -- The Open Learning Centre http://www.theopenlearningcentre.com -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 13:12, Alan Lord (News) wrote: On 23/04/10 12:44, John Matthews wrote: @Alan Lord..that is very clever I'm impressedalso very patronisingand you wonder why it is I react the way I do on here and IRC ubuntu-uk. I want to say more. If I understood how it worked, I wouldnt have needed to ask. The way I see it, you didnt have to talk, just do what Alan Pope did, just give some urls, that didnt hurt. Or better still, say nothing. Because it didnt help, apart from the wind me up even more. Sorry. No offence intended. LMGTFY is used frequently and I don't take offence when it is offered to me. If it means anything, I did a google search, prior to e-mailing, and couldnt work out if they were talking about Linux or Windows, or what they would work on. In that search it didnt seem to mention Linux at all, so I dont know if it will work on Linux or not, hence the question. Initially, what should be of interest is actually what ports are open to the outside world via your router. It doesn't really matter if the machines are Windows or not to start with. Find out what ports are accessible from the Internet and then work out if they need to be open or not on the router. Unless you are hosting a web site, ssh access or a mail server there aren't many other reasons why your router should expose any open ports at all. Most DSL routers perform a function called NAT (Network Address Translation) so that the single IP address that is on the Internet side can be mapped to multiple individual IP addresses on the private side. As a direct consequence of this, you have to explicitly configure port forwarding from the Internet to a specific machine on your network for a specific port, or as has been discussed before, a DMZ (De-Militarised Zone) to which all unknown incoming traffic is directed. Once you have the router setup correctly, you can then use tools like nmap from your Ubuntu pc to show you what ports are open on *every* machine on your local network. You can then decide if they need to be open or not on a case-by-case basis. @Alan LordIn that search you just performed for me, it mentions nothing about Linux, so how do I know if it will work. See above. These web based sites will tell you what ports are open to the Internet. For example using any of those tools on my IP address (the one I have on the Internet Side of my router) would show you I only have 3 ports open: 22 (ssh) 80 (web) and 8080 (Another web service). On my router each of those ports are forwarded to specific machines and ports on my network. I also have a couple of ports configured on the router's firewall to only allow traffic from a known destination IP and Port to connect to a specific host/port on my LAN. A port scanner will not pick these up of course. HTH Al Hi Alan, thanks for your reply, that helped a lot. I am still wondering about the Ping problem that I mentioned earlier. In that test, I passed everything, was telling me that I am not visible, but still fail because they can ping my pc. How are you affected with being pinged, and is it worth blocking pinging. John -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 12:31, Rob Beard wrote: On 23/04/10 11:47, John Matthews wrote: Even though we get told most of the time Linux is safe, the more tis used, the more viruses will get written for it. I noticed somebody was talking about checking ports to see if they are visible to the outside. How do you do that? Is there any software, or can it be done via the Terminal. Can somebody help? John. There is Shield's Up from the Gibson Research Corporation... https://www.grc.com/x/ne.dll?bh0bkyd2 What it does is check against your internet side IP address (the IP address that your ISP will give you) and it will scan for open ports (basically whatever your router might be forwarding to your internal PC IP addresss). Rob Hi Rob, Now that is interesting. I did all the checks, and came back telling me I am 100% in stealth, but I still failed because they could ping me. Plus, it was a bit strange because on one of the things it said 'it was unusual to find a windows machine so completely hidden'. But I'm not using windows, I'm using Ubuntu. That is amazing really considering. John -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
Hi John, Now that is interesting. I did all the checks, and came back telling me I am 100% in stealth, but I still failed because they could ping me. Some routers by default block WAN pings some do not. My Sky router has a field called respond to ping on WAN port its checked off. I passed the test with all my ports in stealth mode. Basically the check at the link rob passed runs a port scan against the WAN side of your router. This is if your are connected via a router. If you connect directly via a USB modem or a Cable modem then it will scan your PC directly. Plus, it was a bit strange because on one of the things it said 'it was unusual to find a windows machine so completely hidden'. But I'm not using windows, I'm using Ubuntu. That is amazing really considering. :-) I would say that its making an assumption that your running windows. Lets face it us Linux users are pretty much in a minority at least when it comes to the OS of choice on the desktop / laptop. Thanks Mark -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 16:58, Markie wrote: Hi John, Now that is interesting. I did all the checks, and came back telling me I am 100% in stealth, but I still failed because they could ping me. Some routers by default block WAN pings some do not. My Sky router has a field called respond to ping on WAN port its checked off. I passed the test with all my ports in stealth mode. Basically the check at the link rob passed runs a port scan against the WAN side of your router. This is if your are connected via a router. If you connect directly via a USB modem or a Cable modem then it will scan your PC directly. Plus, it was a bit strange because on one of the things it said 'it was unusual to find a windows machine so completely hidden'. But I'm not using windows, I'm using Ubuntu. That is amazing really considering. :-) I would say that its making an assumption that your running windows. Lets face it us Linux users are pretty much in a minority at least when it comes to the OS of choice on the desktop / laptop. Thanks Mark Hi Mark, thats done it. Brilliant. I looked for respond to ping on WAN port in my router settings, found it, it was ticked, I unticked, then ran the test again, and passed everything. That is brilliant. Thank you. Feel a bit better now. John -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23 April 2010 17:24, John Matthews jake...@sky.com wrote: On 23/04/10 16:58, Markie wrote: Hi John, Now that is interesting. I did all the checks, and came back telling me I am 100% in stealth, but I still failed because they could ping me. Some routers by default block WAN pings some do not. My Sky router has a field called respond to ping on WAN port its checked off. I passed the test with all my ports in stealth mode. Basically the check at the link rob passed runs a port scan against the WAN side of your router. This is if your are connected via a router. If you connect directly via a USB modem or a Cable modem then it will scan your PC directly. Plus, it was a bit strange because on one of the things it said 'it was unusual to find a windows machine so completely hidden'. But I'm not using windows, I'm using Ubuntu. That is amazing really considering. :-) I would say that its making an assumption that your running windows. Lets face it us Linux users are pretty much in a minority at least when it comes to the OS of choice on the desktop / laptop. Thanks Mark Hi Mark, thats done it. Brilliant. I looked for respond to ping on WAN port in my router settings, found it, it was ticked, I unticked, thenĀ ran the test again, and passed everything. That is brilliant. Thank you. Feel a bit better now. Note that the ping was not getting through to your PC, it was the router that was responding to the ping. Colin -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
On 23/04/10 17:52, Colin Law wrote: On 23 April 2010 17:24, John Matthewsjake...@sky.com wrote: On 23/04/10 16:58, Markie wrote: Hi John, Now that is interesting. I did all the checks, and came back telling me I am 100% in stealth, but I still failed because they could ping me. Some routers by default block WAN pings some do not. My Sky router has a field called respond to ping on WAN port its checked off. I passed the test with all my ports in stealth mode. Basically the check at the link rob passed runs a port scan against the WAN side of your router. This is if your are connected via a router. If you connect directly via a USB modem or a Cable modem then it will scan your PC directly. Plus, it was a bit strange because on one of the things it said 'it was unusual to find a windows machine so completely hidden'. But I'm not using windows, I'm using Ubuntu. That is amazing really considering. :-) I would say that its making an assumption that your running windows. Lets face it us Linux users are pretty much in a minority at least when it comes to the OS of choice on the desktop / laptop. Thanks Mark Hi Mark, thats done it. Brilliant. I looked for respond to ping on WAN port in my router settings, found it, it was ticked, I unticked, then ran the test again, and passed everything. That is brilliant. Thank you. Feel a bit better now. Note that the ping was not getting through to your PC, it was the router that was responding to the ping. Colin Hi Colin, thank you for pointing that out. I keep forgetting I have a router, and things work differently with it. If I can connect to the internet, I dont think about it, it is only when it breaks, I remember. John. -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Checking to make sure you are safe...port checking etc.
Just to explain why the ping test is probably in Shields-up, is that... In times long-gone, and around about when Shields-Up was being created, many people would be using Dial-up, and even getting a ping from an IP address in a dial-up range would make you a fair target (as it was likely that would be an unprotected host). Nowdays, most people sit behind a router, if only because we want wifi or have two-or-more PCs in the house, (or most likely, because the ISP got a bulk load of cheap aDSL routers that weren't just modems) that it becomes more convenient to have another device there which does it... and if that also offers a little bit more protection at the same time... well, that's useful :) All the best, -- Jon The Nice Guy Spriggs This message was sent from my mobile phone. Please, therefore, excuse any typo's, gramatical errors or top posting that may occur as a result. On 23 Apr 2010 18:01, John Matthews jake...@sky.com wrote: On 23/04/10 17:52, Colin Law wrote: On 23 April 2010 17:24, John Matthewsjake...@sky.com wrote:... Hi Colin, thank you for pointing that out. I keep forgetting I have a router, and things work differently with it. If I can connect to the internet, I dont think about it, it is only when it breaks, I remember. John. -- Ubuntu User #30817 -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ub... -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
