<quote who="Andrew Fries">
> ... I don't know what any of this means, but I don't like it! cmd.exe?
> winnt? Who is 210.23.229.57 anyway, and why is he accessing my system,
Twits running IIS who have been infected with nimda and codered. You can't
do much else but ignore it, or block them. Either way, you get to pay for
the traffic. Kinda like SPAM, really.
> But this shook me out of my complacency regarding security. I started to
> look at various things running by default and one by one I turned them
> off. Right now doing "nmap localhost" produces the following output:
>
> Port       State       Service
> 22/tcp     open        ssh
> 113/tcp    open        auth
> 6000/tcp   open        X11
>
> That's not too bad, is it?
Not on localhost, no. ;) nmap yourself from a remote machine, or ask someone
you trust to send you the output if you don't have a login on a remote
machine.
Or, for somewhat less accurate readings (not taking into account the
external network, and any useful filtering from your ISP), you can nmap
your public IP address to see what's actually listening on it (which is the
important one).
> I still have a few questions though. I know I want sshd, but what about
> that service on port 113? What does it do? What about X11? I think I need
> this one :) But is there anything I can do to make it secure? For example,
> I never run remote sessions, so does it *have* to keep that port open?
> I hope this pretty much closes the topic of ports and services. Now, are
> there any other areas I should look at to make my system as impenetrable
> from the outside as possible?
You can turn off identd (the port 113 service) if you want. Your best bet is
to set up a simple ipchains or iptables firewall. A good start would be to
use iptables, and only allow existing connections (i.e. stop any new
connections) to your machine. Then you can open up things as you need them
(like ssh if you're going to connect to it from outside, etc).
Time to read up on some starter's guides to firewalling... And on that note,
does anyone have good pointers for these?
- Jeff
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug