Re: [SLUG] Question about firewalls and ports.

From: patrick grantham (pwgrant@cssi-fl.com)
Date: Tue Apr 23 2002 - 21:32:42 EDT


For $39, buy a low-cost router (Linksys, Netgear, NetScreen), block ALL
incoming ports BEFORE they get to your box. That way, if you make a mistake
no traffic will reach it anyway. Then you can open up ONLY those you wish.

On Tuesday 23 April 2002 19:49, you wrote:
> That is great but how do I block them from being used? I know that the
> firewall can be set up to block stuff but do I have to specify all the ports
> or just the ones that I want to go in and out?
>
> William
>
> -----Original Message-----
> From: slug@lists.nks.net [mailto:slug@lists.nks.net]On Behalf Of Ian C.
> Blenke
> Sent: Monday, April 22, 2002 7:34 AM
> To: slug@nks.net
> Subject: Re: [SLUG] Question about firewalls and ports.
>
> On Mon, 2002-04-22 at 12:00, William R Coulter wrote:
> > I am kinda young in the LINUX world and I have lots of questions to ask.
> > So, I thought this was the best place to ask them.
> >
> > I know that Red Hat comes with a firewall. When you activate it how do
> > you know the firewall is blocking all of the ports. For example, if you want
> > to block people from ftping to or from your site you tell the firewall to
> > block ports 22 and 23 (something like that).
>
> FTP uses TCP port 21 for the command channel, and port 20 for the data
> channel.
>
> SSH uses TCP port 22, and Telnet uses TCP port 23.
>
> For a pretty comprehensive list of UDP/TCP ports, check out
> /etc/services, or browse through iana.org for a full list of protocols
> and ports (RFC1700 is a pretty good list, but it's old. Per RFC3232, the
> full list of ports is "in a database" on the iana.org website).
>
> http://www.iana.org
>
> > I understand that but what I don't
> > understand is that there are more ports that are being used by the system
> > and the system is waiting for a call by the programs using the ports.
>
> Programs "listen" on ports. The easiest way to see what ports your
> machine is listening on is to run netstat or lsof:
>
> $ netstat -an | grep LISTEN | less
> or
> $ lsof -i -n | grep LISTEN | less
>
> Netstat runs on just about anything with an IP stack (including
> Windows!) You may need to install lsof on your Linux distribution - it's
> usually an optional package.
>
> > So,
> > how do you know that ALL the ports are being blocked so that ONLY valid
> > usage is being used and no hackers in your system?
>
> Well, it depends on your kernel and which IP filtering toolset you are
> using.
>
> Linux 2.0 kernels use "ipfwadm"
> Linux 2.2 kernels use "ipchains"
> Linux 2.4 kernels use "iptables" (aka NetFilter)
>
> Each method of IP filtering requires a different command line syntax:
>
> $ ipfwadm -I -l
> $ ipfwadm -O -l
> $ ipfwadm -F -l
> $ ipfwadm -M -l
> or
> $ ipchains -L -n
> or
> $ iptables -L -n
>
> These commands will list your current IP filtering rules.
>
> Testing whether a port is blocked or not depends on the IP filtering
> method as well:
>
> To test whether inbound FTP is blocked, you might use:
>
> $ ipfwadm -c -I -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 21 -y
>
> $ ipchains -C -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -p TCP 21 -y
>
> AFAIK, iptables doesn't implement a check option yet.
>
> The *best* way to test your firewall, however, is to run nmap or another
> port scanner from the outside. It also helps to try some esoteric
> firewalking tools and other intensive traffic spoofers to see if your
> rulesets hold up.
>
> Don't get me wrong, true Firewalling can be a real chore - and it's not
> something simple that everyone can understand without a great deal of
> effort. Even so called Firewall experts can really muck up a firewall
> accidentally without realizing it.
>
> - Ian C. Blenke <icblenke@nks.net> <ian@blenke.com>
> http://ian.blenke.com
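Added example, not from anyone in this thread: a small POSIX shell audit of the question William asked (how do you know only the ports you intend are reachable). It parses `netstat -an` style output for sockets bound to a wildcard address and reports any that are not on an allowlist you supply. It assumes Linux netstat column layout; the netstat lines and the allowlist "tcp 22 tcp 80" are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. Compare what a host actually listens on
# with the short list of ports you mean to expose; anything else should be
# closed locally or blocked upstream (e.g. by the router Patrick suggests).

# Constructed sample of `netstat -an` output (Linux layout), embedded so the
# script runs offline. On a real host use: netstat -an
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:22          192.168.1.9:51234       ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
tcp6       0      0 :::80                   :::*                    LISTEN'

# Print "proto port" for each socket bound to every address (0.0.0.0 or ::),
# i.e. the ones reachable from outside. Loopback-only listeners (127.0.0.1)
# and established connections are skipped; UDP has no LISTEN state, so any
# UDP socket on a wildcard address counts.
listening_ports() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp6?|udp6?)$/ && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::[0-9]+$/) {
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            n = split($4, a, ":"); port = a[n]
            proto = $1; sub(/6$/, "", proto)   # fold tcp6/udp6 into tcp/udp
            print proto, port
        }' | sort -u
}

# Print "proto/port" for each reachable listener missing from the allowlist.
# $1 = netstat output, $2 = allowlist as "proto port proto port ...".
# Empty output means nothing unexpected is exposed.
unexpected_listeners() {
    allow=" $2 "
    listening_ports "$1" | while read -r proto port; do
        case "$allow" in
            *" $proto $port "*) ;;               # intended, fine
            *) echo "$proto/$port" ;;            # exposed but not intended
        esac
    done
}

# Usage with the constructed data: only SSH and HTTP are meant to be open.
unexpected_listeners "$SAMPLE_NETSTAT" "tcp 22 tcp 80"
```

The report lists the FTP and portmapper listeners, which the sample host exposes but the allowlist does not cover; confirm from outside with a port scan as Ian suggests, since the local view says nothing about the upstream filter.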



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:29:11 EDT