Author Topic: Got a question about ports...  (Read 1144 times)

udaki

  • Member
  • **
  • Posts: 41
  • Kudos: 0
Got a question about ports...
« on: 31 August 2004, 05:14 »
Ever since I got firestarter(the GUI Gnome frontend using iptables)I've been having logs of remote attacks on alot of ports from alot of ips.The only port I left open was X11 and I wanted to know if you close the port can they still open the ports remotely?

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
Got a question about ports...
« Reply #1 on: 31 August 2004, 07:09 »
Open them remotely?  Not that I know of.
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

M51DPS

  • VIP
  • Member
  • ***
  • Posts: 608
  • Kudos: 30
Got a question about ports...
« Reply #2 on: 31 August 2004, 23:28 »
So long as they aren't using an exploit in X11, you should be pretty safe. Those attacks are probably from computers infected with worms, and nothing to worry about unless you have an unpatched windows box.

EDIT: Well, maybe if the same IP is continually scanning and trying to do things, it might be a good idea to do something like e-mail their ISP or block their address or something....

[ August 31, 2004: Message edited by: M51DPS ]


Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Got a question about ports...
« Reply #3 on: 12 September 2004, 01:15 »
sounds to me like the security is a bit to tight and thinks that some harmless packets are attacks.

Now, is the X11 port the remote connection to X11 port? And if it is do you ever connect to X11 remotely?

No one can really open ports remotely unless they have a shell into your computer, which is rather hard unless you run telnet, or ssh and have a shitty password.


And if your extremely paranoid youshould go to www.tldp.org and read about iptables and firewalls and write your own firewall. Thats what ive done and i have the IP from any attacks or anything blocked automatically and i may have set it to in some cases send them a NETSEND depending on a few things.

[ September 11, 2004: Message edited by: The Master of Reality ]

Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Got a question about ports...
« Reply #4 on: 12 September 2004, 08:45 »
If you close the port, the kernel will not allow traffic in.  

The only way to open the port remotely would be for an attacker to

1)  Remote Login via SSH or telnet.
2)  Break root (iptables operations require root).
3)  Modify the firewall rules.

If someone has broken root, you have bigger problems than open ports.   :D
In brightest day, in darkest night, no evil shall escape my sight....

flap

  • Member
  • **
  • Posts: 1,268
  • Kudos: 137
Got a question about ports...
« Reply #5 on: 12 September 2004, 17:48 »
quote:
Originally posted by udaki:
Ever since I got firestarter(the GUI Gnome frontend using iptables)I've been having logs of remote attacks on alot of ports from alot of ips.The only port I left open was X11 and I wanted to know if you close the port can they still open the ports remotely?


That's sort of like asking "If I lock my door from the inside, can burglars still break in?" If they could open those ports remotely there wouldn't be much point to running a firewall, and there'd be nothing you could do about it. So basically "no" is the answer to your question.
"While envisaging the destruction of imperialism, it is necessary to identify its head, which is none other than the United States of America." - Ernesto Che Guevara

http://counterpunch.org
http://globalresearch.ca