port stealthing firewall
Forum: DSL Ideas and Suggestions
Topic: port stealthing firewall
started by: monkeypox

Posted by monkeypox on Oct. 25 2003,05:15
I just came from a port probe test at grc.com and found quite a few ports open. Would be nice to have dsl firewalled by default.
Posted by roberts on Oct. 25 2003,06:04
I was looking at this too. If you go to a shell prompt and type:

    sudo netstat -lp

You will see the open ports and processes running on them. Now, some of us run DSL behind a firewall and then some don't. Maybe we can ask John to not start some of these services. Move them to the menu like the Monkey webserver. In particular the ssh server. If you are directly on the internet, not behind a firewall I would turn off the ssh server as follows:

    sudo /KNOPPIX/etc/init.d/ssh stop

To turn off the NFS do the following:

    sudo /KNOPPIX/etc/nfs-common stop
    sudo /KNOPPIX/portmap stop

Then check ports again with the netstat command.

Posted by roberts on Oct. 25 2003,14:18
I have been digging into this further:

Seems to me that inetd the super server is running to provide vboxd. An ISDN voice box daemon??? Does anyone use ISDN anymore? Or is this some sound thing that I just don't know about?

I remastered a CD to test this without starting ssh, portmap, nfs-common, and inetd. Now netstat -lp displays only printer and bootpc used by the processes of lpd and pump.

If nfs is placed on the menu, then we can still have the ability to mount via nfs. As for the others, ssh and vboxd, are they needed as server daemons? Without the ssh daemon running we can still use the client side of ssh, i.e., we can ssh to another machine as well as scp.

Posted by RuKK on Oct. 29 2003,17:14
Forgive my n00bishness, but how would I go about disabling those two services on a hdd install so I didn't have to manually stop them every time I wanted to reboot?

Thanks
-RuKK

Posted by roberts on Oct. 29 2003,23:22
Well, if you have already installed to hard drive, and you don't want them started by default I would do the following as root (or add sudo).

Because you stated you are a newbie, I am going to explain in small steps.

    cd /etc
    find . -name "???ssh" -print

There should be six lines listed with names like K20ssh and S20ssh. They are located in rc directories or run levels. Those files are really links (think of pointers) to the real scripts. Therefore you can delete those links and that service will not be started upon boot up. Of course you are not deleting the script. You will still be able to manually start them or add them to your own menu.

So next I would cd to where the file (link) is located, e.g., let's do one of the six.

    cd /etc/rc3.d

Then I would do

    ls -la S20ssh

The first char should be an l which stands for link, e.g. lrwxrwxrwx

Now remove it

    rm S20ssh

then repeat for each of the six files of ssh.

I know that there are more powerful commands. But for the first timer, it is good to go slowly and understand what you are trying to do. Better safe than sorry. Always do an ls and look before you delete (rm) especially with system files.

Do the same for portmap and nfs-common.

Posted by roberts on Oct. 30 2003,16:44
Now that I posted the theory or the small steps of what you have to do. For the more daring try (untested, because I don't install to hard drive)

    update-rc.d --help

and then

    update-rc.d ssh remove

Posted by RuKK on Oct. 31 2003,13:21
Thank you very much roberts, tried both methods on different boxes and both work great for me
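
Added example (not part of the original thread, and not any poster's own script): the look-before-you-delete steps from the Oct. 29 post wrapped in shell functions. The function names and the dry-run/apply argument are made up for this illustration; it assumes the rc?.d link layout under /etc described in that post.

```shell
#!/bin/sh
# Added example, not from the thread. The rc root defaults to /etc.

# count_rc_links SERVICE [RC_ROOT]: number of S??/K?? symlinks left for SERVICE.
count_rc_links() {
    svc=$1; root=${2:-/etc}; n=0
    for link in "$root"/rc?.d/[SK][0-9][0-9]"$svc"; do
        if [ -L "$link" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# disable_at_boot SERVICE [RC_ROOT] [apply]
# Dry run unless the third argument is "apply". Only symlinks are removed, so the
# real script in init.d stays available for a manual start.
disable_at_boot() {
    svc=$1; root=${2:-/etc}; mode=${3:-dry-run}
    for link in "$root"/rc?.d/[SK][0-9][0-9]"$svc"; do
        if [ ! -L "$link" ]; then
            # Unmatched glob pattern or a regular file: never delete it.
            if [ -e "$link" ]; then echo "skip (not a symlink): $link"; fi
            continue
        fi
        if [ "$mode" = apply ]; then
            rm -- "$link" && echo "removed: $link"
        else
            echo "would remove: $link -> $(readlink "$link")"
        fi
    done
    return 0
}

# Usage (as root), look first, then delete:
#   disable_at_boot ssh
#   disable_at_boot ssh /etc apply
#   (repeat for portmap and nfs-common, then re-check with: netstat -lp)
```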