Ubuntu Security :: Keeping All Ports Stealthed?
Sep 26, 2010
I know how to forward ports in my router. Now I need to open a port to help with testing a project and no matter what I've tried, every port under 1055 shows up as stealthed (with 1-71 closed) according to Shields Up! I'm happy to run it at a port > 1024, but whatever I try also shows up stealthed. I even tried (briefly) turning on DMZ and still the same thing. My ISP swears that they only block port 80, 21 and 25, none of which I'm trying to use. UFW status reports inactive and I'm not using firestarter. I'm not running any other server (apache, light speed etc). If it's not my router and it's not my ISP, and there's no other server apps running, then that kind of leaves Ubuntu as far as I can see,
View 8 Replies
ADVERTISEMENT
Mar 11, 2010
I'm currently using Ubuntu 9.1, and a motherboard which has two Ethernet ports on it.
What I would like to do is bridge these ports, so I can plug in another Ethernet cable and run it to an unmanaged switch in my room (handy for my work laptop when on-call and building other PCs, etc).
I.e. Router --> 8-Port Switch --> My PC.
Eth 0 --> 192.168.1.100 static
Eth 1 --> 5-Port Switch --> DHCP
I believe this is the config to make the ports bridged:
ifconfig Eth0 0.0.0.0
ifconfig Eth1 0.0.0.0
brctl addbr Bridge0
brctl addif Bridge0 Eth0
brctl addif Bridge0 Eth1
ifconfig Bridge0 up
- How do I save this so upon reboot it sticks?
- How do I force Eth0 to remain as a static IP of 192.168.1.100?
View 8 Replies
View Related
Jan 7, 2010
I've recently built a VM appliance using Ubuntu 8.04 that is given to customers for an easy deployment of our software. Ubuntu works great in a VM and its perfect for our software (which is a web application).
Some customers are paranoid (rightfully so) and they will run a vulnerability assessment on the web application. A particular customers' assessment fails as it finds that the appliance isn't running the latest version the Apache web server. I thought that just running "apt-get upgrade" would upgrade all of the software packages to the latest so that failures in the assessment caused by outdated software packages would be resolved... However this is not the case...
I realize that there is a probably a whole process for submitting/approving the latest versions of software packages in Ubuntu, that then get pushed to the repositories - But how does this work? What exactly does "apt-get upgrade" do if it doesnt upgrade packages to the latest?
For example: I need Apache 2.2.11 to fix a particular vulnerability. But when running apt-get upgrade, it doesnt actually upgrade the Apache version number (or any of the other packages). I'm stuck on Apache 2.2.8, and I can't find a .DEB installer for 2.2.11 or later.
View 5 Replies
View Related
Mar 29, 2011
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
View 9 Replies
View Related
Jun 12, 2010
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
View 9 Replies
View Related
Apr 1, 2010
After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
[Code]...
View 9 Replies
View Related
Jul 27, 2010
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns:
Code:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code:
james@james-linux:~$ nmap 192.168.0.108
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on 192.168.0.108:
Not shown: 996 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
View 9 Replies
View Related
Mar 18, 2011
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
View 4 Replies
View Related
Apr 10, 2010
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find a open port in my system.
View 9 Replies
View Related
Jul 6, 2010
when i enable my ufw it completely shuts me out and closed my internet connection. i installed firewall configuraiton interface and through it defined rules to accept incoming internet connections on port 80, i can see the rules are there but when i enable my firewall it just shuts me out completely again.
when i do(with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but since then deleted fwbuilder(besides i just compiled firewall policy and never actually installed it because of errors while trying to install it. Iptables I cleared with:
Code:
$ sudo iptables -F
View 9 Replies
View Related
Sep 21, 2010
Is there anyway i can ssh/rdp/telnet into my server from the outside bypassing comcast ALL blocked ports
View 1 Replies
View Related
Jan 20, 2010
how to block all ports except pop,pop3,smtp in nat using iptables in squid on redhat A3
View 2 Replies
View Related
Apr 24, 2010
What ports does Firefox use to connect to the Internet?
View 9 Replies
View Related
May 2, 2010
my ufw rules have been loaded and active yet using iptraf i see tcp connections on ports that were never allowed by ufw. can anyone explain this too me does ufw just not work?
View 6 Replies
View Related
Nov 12, 2010
What are the security implications of closed ports?
View 5 Replies
View Related
Feb 9, 2011
What is happening when I log in to my Ubuntu server machine via ssh and putty. trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
View 1 Replies
View Related
Apr 28, 2011
I have open ports on my computer for vsftpd, pptpd, and I need help to filter this ports because they aper as open ports on internet, and this is pretty risky
View 3 Replies
View Related
Mar 30, 2011
We do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
View 4 Replies
View Related
Dec 2, 2010
looking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now
View 4 Replies
View Related
Jun 30, 2010
I enabled ufw yesterday, and am finding log entries like:
Jun 30 13:07:51 xxxx kernel: [15702368.296557] [UFW BLOCK] IN=eth1 OUT= MAC=00:22:19:5e:8f:23:00:0c:db:fc:8b:00:08:00 SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=47632 PROTO=TCP SPT=58875 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
What is puzzling is I did the command: ufw allow 80.
View 5 Replies
View Related
Aug 19, 2010
I am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
View 9 Replies
View Related
Nov 5, 2010
While (attempting) to set up ssh on a couple of machines (not this one) I've noticed that I keep getting some strange unknown ports showing as open on my PC when I do a port scan on its address. They are only opened transiently, they are all high numbers eg 33348, 41147, 50370 etc. I have opened no ports on this machine at any time and ufw is set to deny all incoming.
View 3 Replies
View Related
Mar 1, 2011
This morning I was looking at the router's log file and noticed a certain IP address was able to gain LAN access on port 2222. That just happens to be the port my SSH server is listening on! A whois search revealed that IP address is in Germany. As soon as I found this out I stopped forwarding all ports to this machine in my router.
how to tell what had happened, what information this person was able to obtain, and if he left any goodies behind that could hurt me? I've read through some of the logs on my computer and haven't been able to find much at all. I did have some personal information on the hard drives, but that information is encrypted. I'm thinking if they were able to get my SSH password then that information probably isn't safe either (assuming they have some of it).
View 7 Replies
View Related
May 6, 2011
How do you delete ufw rules which you didn't make?
I want to block the FTP ports (20 & 21) but even if I put in DENY rules, it appears that these rules are letting traffic through
Code:
9 400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20 state RELATED,ESTABLISHED
How do I delete these rules? I've tried.
Code:
sudo ufw delete allow 20
sudo ufw delete proto tcp from any to any 20
but I get "Could not delete non-existent rule".
Since I didn't make those rules I have no idea what OpenBSD's PF syntax (what ufw uses) is for them.
View 2 Replies
View Related
Jun 12, 2011
Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.
View 5 Replies
View Related
Dec 8, 2009
have tried to close ports 443,80,22 & 23 without success.Does anybody have any idea how to do this. I close them in a terminal and their still opened. I closed them in services and their still open what am I not doing right?
View 14 Replies
View Related
Jun 25, 2011
Well I'm kinda a paranoid person, and got bored and ran a port scan from 0 to 500000 and turned up some interesting results, I was wondering how I find the programs tied to each open port. Its my computer and I'd like to very well know what programs are needing these ports and for what usage.
View 7 Replies
View Related
Dec 4, 2010
Quote:
A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of a real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates)
Despite of all my warnings, most of those site are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing reputation and resources of compromised servers. This post will be about one of such steps.
View 6 Replies
View Related
Sep 11, 2010
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
View 9 Replies
View Related
Jun 26, 2010
My friends all request that I join Farmville so they can build their points. I don't play games but tried to oblige them. My firewall went nuts and I received requests to "open" certain ports. Can some one tell me what is going on and is this a security risk or not. I am 4 years deep into Linux and I haven't used microcrap in as many years but I am still learning, as there is so many things to master with Linux.
View 4 Replies
View Related
