alan c wrote:
> Tony Arnold wrote:
>> Alan,
>>
>> alan c wrote:
>>
>>> I note that I have FTP allowed in firestarter for outbound on ports
>>> 20-21, but presumably that is not the same ftp function you describe?
>>
>> No, the outbound ports you allow will let users of your machine use ftp
>> to some remote ftp server and is completely independent of any remote
>> user connecting to the ftp server on your machine.
>>
>>>> User can run their FTP connection
>>>
>>> would this user be my machine or remote machines?
>>
>> On remote machines running an ftp client connecting to your ftp server, say.
>>
>>>> in passive mode, which does not behave
>>>> like this but this is not the default, in general.
>>>>
>>>> I'm not convinced you need an outgoing policy at all unless you want to
>>>> restrict users of your system in what they can/cannot do.
>>>
>>> I am virtually the only user on my LAN (!) (wife sometimes). The
>>> reason for the outgoing policy is partly general precaution, partly to
>>> become familiar with what is happening, and partly, very
>>> specifically, to limit what happens because the machine is left on 24/7
>>> for torrents, mostly upload seeding. I don't know how useful the
>>> policies really are, but I am frankly surprised that so many
>>> apparently malware related service names are being (blocked) attempted.
>>>
>>> The blocking stops when ktorrent is closed. Where in the torrent
>>> process is the possible 'FTP' activity being used?
>>
>> I was assuming people were trying to use FTP to download stuff from your
>> server rather than torrent. The two are quite independent. If you have
>> logging turned on for your ftp server (I assume you are running an ftp
>> server?) then you could see if this is so.
>>
>> If you are not running an ftp server, then you don't need the ftp ports
>> open on inbound and you can ignore all I've said about ftp clients :-)
>>
>> Maybe there is an outgoing connection from your machine as part of the
>> torrent process that is getting blocked. I can only imagine that a seed
>> would connect to a tracker to let it know of the presence of the files
>> you are making available, but I'm not too sure of the process here.
>>
>>> I suppose I do not know enough about the torrent process, which does
>>> not help.
>>
>> I'm not sure I know enough about it either!
>>
>>> If the currently blocked items are not blocked, what will the benefits
>>> or disadvantages be?
>>
>> From a security point of view, the main reason for limiting outbound
>> connections is to stop malware that makes it on to a compromised system
>> from making outgoing connections and infecting other machines. Given you
>> are running Ubuntu and you have some pretty good inbound rules, I think
>> this is unlikely.
>>
>> Setting outbound rules in my experience is quite tricky due to things
>> like ftp and other odd protocols. Normal practice is to just use inbound
>> rules unless you have specific reasons to do otherwise.
>
> thanks.
> (I don't run an ftp server).
> mmm. Since I have reduced the number of peers allowed, the blocking
> indications from the firewall have stopped. One of the torrent faq
> sites mentioned about the allocated ports being at times overloaded. I
> wonder if there were so many peers attempting to use the seed that the
> ports (management) worked differently or badly, so that other ports
> were being sought, tried, and obviously blocked?
I spoke too soon. After a night of such working, there was a minute or so
burst this morning of outgoing block events - about a couple of dozen in
total. It looks slightly as if something is occasionally prompting my
machine to respond, and it tries to.

--
alan cocks
Kubuntu user#10391

--
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.kubuntu.org/UKTeam/
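One way to triage the bursts of outgoing block events discussed in this thread, as an added example that is not part of the mailing-list exchange: it parses iptables/netfilter LOG-style lines of the kind a firewall such as firestarter writes to syslog, counts blocked outbound packets per minute and per destination protocol/port, and flags any minute that looks like a burst, so you can see whether the events cluster on torrent-related ports or on something unexpected. The log prefix "Outbound", the hostname "box" and all addresses are constructed assumptions, not values from a real log.

```python
import re
from collections import Counter

# Constructed sample syslog lines in netfilter LOG format (assumed prefix,
# host and addresses; not taken from the thread or from a real machine).
SAMPLE_LOG = """\
Mar  3 07:41:02 box kernel: Outbound IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=6881 SYN
Mar  3 07:41:03 box kernel: Outbound IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.9 PROTO=TCP SPT=51235 DPT=6881 SYN
Mar  3 07:41:05 box kernel: Outbound IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=UDP SPT=6881 DPT=3128
Mar  3 07:41:40 box kernel: Outbound IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.8 PROTO=TCP SPT=51240 DPT=21 SYN
Mar  3 09:12:10 box kernel: Outbound IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.22 PROTO=TCP SPT=51300 DPT=6881 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")               # KEY=value pairs, value may be empty
TS_RE = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d)")  # syslog "Mon dd HH:MM:SS"

def parse_line(line):
    """Return (minute_key, fields) for a blocked outbound packet, else None."""
    if "Outbound" not in line:
        return None
    m = TS_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line))
    if not fields.get("OUT"):      # empty OUT= means the packet was not leaving an interface
        return None
    minute = f"{m.group(1)} {m.group(2)} {m.group(3)[:5]}"
    return minute, fields

def summarise(log_text, burst_threshold=3):
    """Count blocked outbound packets per minute and per (PROTO, DPT); flag bursts."""
    per_minute, by_port = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        minute, f = parsed
        per_minute[minute] += 1
        by_port[(f.get("PROTO"), f.get("DPT"))] += 1
    bursts = {m: n for m, n in per_minute.items() if n >= burst_threshold}
    return {"per_minute": dict(per_minute), "by_port": dict(by_port), "bursts": bursts}

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for (proto, dport), n in sorted(report["by_port"].items(), key=lambda kv: -kv[1]):
        print(f"{proto}/{dport}: {n} blocked")
    for minute, n in report["bursts"].items():
        print(f"burst at {minute}: {n} blocked outbound packets in one minute")
```

On a real system the input would be the kernel log (for example the output of `grep Outbound /var/log/messages`) rather than the constructed SAMPLE_LOG.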
