C> Justin, I posted back to the list with these results but haven't seen your
C> reply. Have I said something inappropriate in my post or something? I've
C> been looking for reassurance from you, who definitely appears more
C> experienced in this than I am, that my system in fact appears to be secure.

Sorry Chris, I went out to party and completely forgot your message. I apologize if my absence led you to negative thoughts, you can simply blame it all on me :).

The good news is that your system is probably pretty secure in many scenarios, as long as your root password is a good strong password and you're using a lot of the Mandrake defaults.

In regards to your question:

>>Justin, as an update to this, what I did was go to a friend's box and try to
>>telnet to my ip address. Only once did I get a login box, however, it
>>wasn't for my system but a login box for my modem. I was able to log into
>>the modem once, other attempts after that showed connection refused. The
>>same with a ping. Telnet asked for a user id/password, entered the correct
>>one and got a connection refused. I had the firestarter gui up during this
>>and when I got back there were no hits shown on the firewall log and
>>nothing showing in my syslog. Therefore it's my conclusion that the three
>>open ports are for modem configuration and not actually on my box. Right
>>or wrong?

This is very likely. Before I make any further assumptions, answer a couple questions for me please so I can get better information about your setup (you may have answered these before, but I want them all in one place so someone else on the list can contribute if they want):

-What kind of DSL modem do you have (Make and Model # or description please)
-Is your DSL modem external to your computer?
-If it is external, how is it connected? Is it connected by a Cat-5 (8 wire) Ethernet cable to your computer into your Ethernet card, or is it connected via USB?
-If internal, is it a PCI card?
-Go to your bash shell and do the four following commands, and post the output to the list:

    nmap localhost
    lsof -i | egrep 'COMMAND|LISTEN|Idle'
    netstat -a
    route

NOTE: if your route output contains IP addresses OTHER than 10.x.x.x, 172.16.x.x, or 192.168.x.x, don't post it to the list. Email it directly to me instead.

(you may need to append /sbin/ before some of these commands, or be logged in as root)

If it is what I think it is (that your modem is external and performs Network Address Translation (NAT) for your internal machines, which would technically make it a DSL router), then your system is probably just fine, and closing the ports on the modem will be specific to the modem itself. The good news is that if this is the case, your system is pretty safe, we just need to clean up your modem a little.
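The NOTE in the message above, about keeping route output with non-private addresses off the list, can be checked mechanically before posting. The Python below is an added example, not part of the original message: the function name and the sample routing table (which uses the documentation address 203.0.113.1 as a stand-in for a public IP) are constructed for illustration, and it assumes the usual column layout of `route` output.

```python
import ipaddress
import sys

# Ranges treated as safe to share, plus loopback. The message writes
# 172.16.x.x; RFC 1918 reserves the wider 172.16.0.0/12, which is used here.
SAFE_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of `route -n` output for a host with a PPP uplink.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 ppp0
"""

def public_addresses(route_output):
    """Return Destination/Gateway IPv4 addresses outside the safe ranges."""
    found = []
    for line in route_output.splitlines():
        # Only the first two columns (Destination, Gateway) are checked;
        # Genmask is skipped so 255.255.255.0 is never reported.
        for field in line.split()[:2]:
            try:
                addr = ipaddress.IPv4Address(field)
            except ValueError:
                continue  # header words, "default", "*", resolved hostnames
            if addr.is_unspecified:
                continue  # 0.0.0.0 means "default route" or "no gateway"
            if not any(addr in net for net in SAFE_NETS):
                if str(addr) not in found:
                    found.append(str(addr))
    return found

if __name__ == "__main__":
    # Pipe real output in (route -n | python3 thisfile.py) or run bare
    # to see the result for the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ip in public_addresses(text):
        print("do not post publicly:", ip)
```

Hostnames are skipped rather than resolved, so numeric output (`route -n`) gives the most complete check.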
