Got a question about ports...

[udaki]

Ever since I got firestarter(the GUI Gnome frontend using iptables)I've been having logs of remote attacks on alot of ports from alot of ips.The only port I left open was X11 and I wanted to know if you close the port can they still open the ports remotely?

[WMD]

Open them remotely?  Not that I know of.

[M51DPS]

So long as they aren't using an exploit in X11, you should be pretty safe. Those attacks are probably from computers infected with worms, and nothing to worry about unless you have an unpatched windows box.

EDIT: Well, maybe if the same IP is continually scanning and trying to do things, it might be a good idea to do something like e-mail their ISP or block their address or something....

[ August 31, 2004: Message edited by: M51DPS ]

[Master of Reality]

sounds to me like the security is a bit to tight and thinks that some harmless packets are attacks.

Now, is the X11 port the remote connection to X11 port? And if it is do you ever connect to X11 remotely?

No one can really open ports remotely unless they have a shell into your computer, which is rather hard unless you run telnet, or ssh and have a shitty password.


And if your extremely paranoid youshould go to www.tldp.org and read about iptables and firewalls and write your own firewall. Thats what ive done and i have the IP from any attacks or anything blocked automatically and i may have set it to in some cases send them a NETSEND depending on a few things.

[ September 11, 2004: Message edited by: The Master of Reality ]

[mobrien_12]

If you close the port, the kernel will not allow traffic in.  

The only way to open the port remotely would be for an attacker to

1)  Remote Login via SSH or telnet.
2)  Break root (iptables operations require root).
3)  Modify the firewall rules.

If someone has broken root, you have bigger problems than open ports.  

[flap]

quote:Originally posted by udaki:
Ever since I got firestarter(the GUI Gnome frontend using iptables)I've been having logs of remote attacks on alot of ports from alot of ips.The only port I left open was X11 and I wanted to know if you close the port can they still open the ports remotely?

That's sort of like asking "If I lock my door from the inside, can burglars still break in?" If they could open those ports remotely there wouldn't be much point to running a firewall, and there'd be nothing you could do about it. So basically "no" is the answer to your question.