A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
View 9 RepliesI am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
I am running Firestarter on Ubuntu 9.10 64 bit. I have noticed several times that after closing all web apps (Firefox, Thunderbird) that some entries remain under the heading "Active connections" on the Firestarter "Status" tab. Often these show no source program. Currently I have 2 showing which show Firefox as the source. These persist after Firefox is shut down. I have verified that no Firfox process is running. And both of the IPs point to google.I have Disconnected eht0 and they still show. I have logged out and back in and they still show. I must reboot the machine to make these entries go away. Which makes me think perhaps this is a bug in Firestarter(?) Is there another way I can identify truly active connections?
View 2 Replies View RelatedI am running ubuntu 10.10. I recently enabled the firewall and installed Firestarter to configure it. Bad decision apparently. I can't connect to the internet using Firefox unless I first stop the firewall using Firestarter. After I do that, Firefox connects to the internet just fine.
If I uninstall Firestarter, will the ubuntu firewall function as it did originally, before I configured it? Or will it continue to function the way it does right now, which doesn't allow me to connect to the internet?
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns:
Code:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code:
james@james-linux:~$ nmap 192.168.0.108
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on 192.168.0.108:
Not shown: 996 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
View 4 Replies View RelatedI installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find a open port in my system.
View 9 Replies View Relatedwhen i enable my ufw it completely shuts me out and closed my internet connection. i installed firewall configuraiton interface and through it defined rules to accept incoming internet connections on port 80, i can see the rules are there but when i enable my firewall it just shuts me out completely again.
when i do(with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but since then deleted fwbuilder(besides i just compiled firewall policy and never actually installed it because of errors while trying to install it. Iptables I cleared with:
Code:
$ sudo iptables -F
I forwarded ports 28900(TCP/UDP) and 5029(UDP) to my linux box for a game. Testing my ports with a website now shows these ports as "connection refused" rather than "timeout" which means the connections are getting to my system but the iptables are blocking them. But I added 28900 as a test and it still won't accept anything on this port. This is my output of iptables -L
root@BPC3:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:28900
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:28900
What do I need to do exactly to add exceptions for 28900 TCP/UDP and 5029 UDP?
What is happening when I log in to my Ubuntu server machine via ssh and putty. trying to understand everything, primarily securing my server.
I have specified the ssh server to listen on port 5525, and can login without a problem.
When I look at the logs though it says I connected from xxx.xx.xx.xx on port 53602.
What is happening here and why is the logged connection a different port to the one specified in the config file?
There is this active connection in firestarter: ec2-174-129-193-12.compute-1.amazonaws.com (Port 443 - Service HTTPS - program python)After doing ps aux | grep PID it shows: /usr/bin/python /usr/lib/ubuntuone-client/ubuntuone-syncdaemon...This comes up in the firewall in each login, how do I get rid of it and how did it get there in the first place? Another question is if there is a way to limit a program's access to the internet. For example KCalender.. The things I type up in there may be stored somewhere. How can I disable complete access to the internet for that program and any other program so they can't backup, share, check etc. ?
View 3 Replies View RelatedWell I'm kinda a paranoid person, and got bored and ran a port scan from 0 to 500000 and turned up some interesting results, I was wondering how I find the programs tied to each open port. Its my computer and I'd like to very well know what programs are needing these ports and for what usage.
View 7 Replies View RelatedI am trying to understand why when running nmap against a SonicWALL firewall at a remote location, the SonicWall firewall is saying that most of its 65535 ports are open? I know this cant be correct and remember reading about how some of these network appliances are setup this way to thwart off attacks.
View 7 Replies View RelatedI now have a firewall up and running: almost perfectly. When I use nmap and perform the most comprehensive scan I can think of, it cannot detect any wide open ports (unless bittorent is running) and cannot fingerprint the OS. My last 2 questions about my firewall (I am very happy now) are:
It seems as though Firestarter has been "abandoned" by the developers, and that gufw is more current. Does it really matter which firewall I use because don't they all do the same thing? I like firestarters system tray icon a lot. 2nd question is I have two open|filtered ports. Are these still pretty well protected?
It is very pleasing to see that I have no open ports, because if you were an experienced Windows user like I was, you got used to the fact you were going to have open ports no matter what. Linux's builtin firewall completely destroys the expensive and useless scams they call Norton and McAfee. Linux officially rocks now
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
My firestarter is denying connections on ports 80 and 443, despite the fact that I have set rules to allow both the services, and indeed any connection from my gateway (the source of the connections).
Can someone please advise why this might be?I can surf the 'net fine, unfortunately I cannot load facebook, gmail, or another couple of sites that require logins, and I assume this is due to HTTPS not communicating properly.(On the off chance anyone can answer these real quick, I'm also trying to solve my resolution resetting every time I restart, and one of the icons in my KDE panel turning into a widget from an icon every time I restart. Still working on these, but just if anyone knows already).
I'm installing a server to act as a firewall between a local network and internet. I've installed Firestarter becaused it worked straitgh away (it seems that FS is configuring the routing as well). I've tried to remove it, and then I lost the access from LAN to Internet. (I don't know why -perhaps the routing is disabled then- , so I prefer to keep it).
The problem is that Webmin Bandwidth Monitor (bandwidthd) is not logging anything when FS is active. Does someone has an idea on how I could make it work? I've tried cacti and some other stuff, but it is far too complicated for me.
I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
View 2 Replies View RelatedI have been setting up my laptop as a dual boot with Win7 (yuckkk!) and Ubunutu 11.04. My HP Pavilion dm4 came with 4 primary partitions used by Windows! (Again, yuckkk!) I got rid of Windows_recover partition (I don't remember the exact name) converted that primary partition to an extended partition and then installed Ubuntu in virtual partitions. All that works.What I don't like is that the partition HP_TOOLS shows up in Nautilus, and if you click on it, it self-mounts and makes that partition accessible.
View 8 Replies View RelatedI have an Asus 900 laptop that I put Ubuntu 9.10 on.I know it was made by the Chinese, but why are they trying to hack my pc?I currently put FIRESTARTER a linux firewall on board you can go here to get itNow I can see everyone's IP address and find out where they are and who they are!!
View 9 Replies View RelatedI was wondering if firestarter (software firewall) works out of the box or does it need some kind of configuration in order for it to provide protection? Is firestarter even needed with ubuntu?
View 6 Replies View Relatedim having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.
[Code].....
I'm new to Ubuntu so bear with me. I installed 9.10 from a CD and it looks fine and works OK wired. However, my wireless keeps picking up a connection at home via my Linksys router that is not mine and I can't get around it, blacklist it or delete it. No matter what I do it keeps showing back up as an AutoConnection. It is the same type of router as mine but the security is different (I use WPA-Personal and the offender is WEP). How can I permanently blockdisableetc the extra connection? I can't get on my home network until the bad autoconnection is gone. More info: I use an IBM R40 into which I installed a Toshiba mini-PC wireless card. I know it works as I have used it to connect to other wireless networks other than my own. I prefer to leave my router configured as it is due to other users at home and the configs I use for them. I read about WICD if that is a possibility, but actually connecting wirelessly is not the issue.
View 4 Replies View RelatedAt my home I am using firestarter to connect my XBOX 360 to the internet and it works perfectly, never crashes etc and I get a moderate NAT which I've never experienced any problems in having.
I have my devices set up like this
eth0 - ifconfig eth0 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
XBOX - 192.168.2.10 netmask 255.255.255.0 broadcast 192.168.255 gateway 192.168.2.1
This configuration works perfectly on my router at my house which has the IP of 192.168.0.1
However at my friends house he has a router with the IP adress of 192.168.2.10 or 192.168.2.7*, I don't remember exactly but I'll find out tonight. I have tried changing my IP settings on my xbox and eth0 to no avail. I noticed instantly that the XBOX IP is the same as my friends router. what the new settings would be, or simply changing the router's IP.
However there is also an issue with the DNS servers. I can't find them anywhere on the router or on the router box itself. I heard that I could point it towards my default gateway however.
Its a case of ".... wireless network connection active but still not internet connection .."I am using WEP - 128 key ... Works when I connect directly using ethernet cable ... but not wireless (pci and wireless router)
ubuadmin@ubucomputer:~$ ifconfig
wlan0 Link encap:Ethernet HWaddr 00:06:25:12:83:3b
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::206:25ff:fe12:833b/64 Scope:Link[code].....
I am new to Ubuntu and till now I have chosen it to be my favorite distro. I use my laptop in various networks, home, work, school. When I run firestarter the wizard does not give me the option for wireless INTERNET, only ethernet.
View 2 Replies View RelatedI've been using Firestarter for a while and have used it to set-up inbound and outbound policies (which are probably way too restricitve) but since turning on boot logging the other day I have noted that the boot log contains the message:
Code:
* Starting the Firestarter firewall [fail] I find this somewhat alarming. I have seen post[URL].ht= firestarter (although have not added it the auto startup list and do not wish to have it start without the root password). What I would like to know is as the computer boots up does it set the iptables to their last setting irrespective of whether firestarter starts or does firestarter need to start to set the iptables and therefore my policies?
what files does firestarter change? I would like to know so I can look at the files so I can learn to do the same thing without firestarter.
View 3 Replies View RelatedI am running Ubuntu 10.10 I have an question about the firewall Firestarter, when checking the firewall it told me there are 9 serious incoming connections what must I do with this info. Inbound is normally blocked as standard i have also see that someone with port 1234 and 12345 have trying to attempt mine system but failed all trojan ports are fully blocked.
View 2 Replies View Relatedi just installed Firestarter firewall and it is showing me 12 serious inbounds after an hour.Is it a serious matter ? What should i do ?
View 3 Replies View Related