On 09/05/2009 12:56 PM, Dale wrote:
Hi,
As some may know already, I recently got DSL. It's not a super fast
connection by broadband standards but it does mean that my box may be
easier to find for a hacker. So, I have a few questions about
security. I think I am OK but want to make sure.
1: I have a good root password. It's not something someone would guess
for sure. Nothing related to my history, birthdays or anything. It is
still fairly easy for me to type tho.
That's always a good idea. But if you have SSH disabled, then it
doesn't really matter. And with SSH enabled, root login is disabled by
default, so...
2: I went to this link: https://www.grc.com/x/ne.dll?bh0bkyd2
According to that site my ports are in "stealth" mode which is good from
what I understand.
"Stealth" ports give problems with p2p and file transfers (MSN and the
like). A stealthed port means you can't be reached. Even if you want
to be reached. If you encounter problems, for example no one can send
you a file from IRC/MSN/etc you know what to blame.
Also, even with "stealthed" ports, it's still possible to find you.
When someone pings your machine, and you never reply, and nothing else
replies, it means you're there :) That because if you're really not
there, your ISP will reply to the pinger with "that IP is not there."
If that doesn't happen, the pinger knows you're there and hiding behind
your finger :)
But some ISPs don't send that "no there" reply to the pinger, so in
those cases, "stealth" ports might make sense.
3: I have no servers running here. No Apache, MySql, or any of that.
I also have turned off/stopped ssh since I have only one box at the
moment.
Then "stealth" ports are a bit useless since nothing is listening on
those ports anyway.
The DSL modem I am using is the Motorola 2210. It seems to be a gateway
thing. I have no router at the moment but if I build a new rig I will
be getting one then. Most likely a Linksys or something. I'll post
here before getting one anyway. ;-)
I think the Motorola *is* a router. That means you can just buy a cheap
ethernet switch, connect it to the 2210 and then connect the machines to
the switch and the 2210 will route everything just fine.
