Re: [Siglinux] Port Question

Mon, 02 Dec 2002 09:32:58 -0800

OK. 6th floor PCL is your friend ;] I'll be brief. You have to understand what it means for a port to be open: it means that there is something on your system that "listens to it." This means that if a packet arrives to your computer, and says "I want to go to port 654" then the kernel will, if some (user-land) application is listening on port 654, it will give the contents of the packet (and some info about it) to the application (the process involves some function calls I think -- gets heavy in the details with the man pages). A closed port, i.e. nothing is listening to it, is safe. The kernel will reply to the sender of the packet "sorry, this port is useless -- go away" instead of handing it to someone. To close a port, just make the application that is listening to it to stop doing this. For some apps (e.g. an ftp server) you can just shut down the server. For others (X) this involves tweaking your xdm config (if you have a sane distro xdm won't listen to anyone but 127.0.0.0/255.0.0.0). And so on. Firewalls are kernel level filters that can restrict traffic to and from a port. There is no need to do this if there is nothing listening there (disclaimer: I am not an expert, but I don't thing firewalling a dead port benefits you too much in the case of a DoS). To make a long story short:
1) Goto PCL (or should that be null PCL.goto() function call -- damn you Dijkstra! :)
2) For now, just turn off uneeded servers. If you are running servers, keep up with the security advisories. You'll be fine.

And, since I got an lol out of the list last time, I will say it again for kicks.

Alex -- what a dork!

pkl wrote:

As i try to learn enough about security to defend meself, i find
how to list open/connected/listening ports, what services said ports are
connected to, etc.etc.etc...
But when it comes to shutting/blocking a port it's "edit
ipchains...restart xyz..." yadayadyada...
So, Question; How do i close a port? Not put it into exile. Not
make it ask my permision to open.

netstat -etc=> port xyz is open.
I want it closed/blocked/whatever. Now. How do i do that?

pkl

__________________________________________________________________
"If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea."
Tim Peters "The Zen of Python"
__________________________________________________________________
Paul K. Landers


_______________________________________________
Siglinux mailing list
[EMAIL PROTECTED]
http://www.utacm.org/mailman/listinfo/siglinux



_______________________________________________
Siglinux mailing list
[EMAIL PROTECTED]
http://www.utacm.org/mailman/listinfo/siglinux

Reply via email to