[PLUG] firewall

Eli Stair eli.stair at gmail.com
Tue May 9 07:58:35 UTC 2006


If you're running the nmap scans from your machine, then you will
likely bypass most (all) typical firewall rules.  A standard allow
rule in most "kit" setups is to allow all connections to the loopback
(localhost / 127.0.0.1) and to the public ethernet if the origin is
the same interface.  You didn't specify, so that's my assumption.

What I'd be most worried about is that telnet is running at all...
first order of business is to decide why it is, and move to using SSH
for remote access.   Second, track down an externally-originated scan
of your host to get a view of what your firewall rules are blocking;
the nmap website has at least one link to such a site/service IIRC.

Congrats on taking the interest and effort into looking at system security!

/eli

On 5/9/06, Bruce Kilpatrick <bakilpatrick at verizon.net> wrote:
> Hey gang,
>
> I recently downloaded and installed Firestarter on my Ubuntu box and
> disabled the firewall in the Actiontec modem/router/wireless...
>
> I read a newsletter talking about security risks and so I installed nmap
> and gave it a try.
>
> Here is some of the output of nmap on my system:
>
> PORT   STATE SERVICE
> 23/tcp open  telnet
> 80/tcp open  http
> MAC Address: 00:0F:B3:AF:A0:B0 (Actiontec Electronics)
> Device type: general purpose
> Running: Linux 2.4.X
> OS details: Linux 2.4.6 - 2.4.21
> Uptime 2.451 days (since Sat May  6 13:30:37 2006)
> TCP Sequence Prediction: Class=random positive increments
>                          Difficulty=4367995 (Good luck!)
> IPID Sequence Generation: All zeros
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.373 seconds
>                Raw packets sent: 512 (20.7KB) | Rcvd: 512 (24KB)
>
>
> Is this bad?
>
> Bruce
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
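Added example (not code from either poster): a toy first-match packet filter that shows why a scan run from the box itself does not exercise the rules meant for outside traffic, since the loopback and own-address accepts fire first. The ruleset, interface names and addresses are constructed for illustration.

```python
"""Toy INPUT-chain evaluator modelling the 'allow loopback / allow own
address' rules described in the reply, with telnet (23) and http (80) taken
from the quoted nmap output. All rules and addresses are constructed."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "ACCEPT" or "DROP"
    iface: Optional[str] = None     # ingress interface, None matches any
    src: Optional[str] = None       # source address, None matches any
    dport: Optional[int] = None     # TCP destination port, None matches any

    def matches(self, iface: str, src: str, dport: int) -> bool:
        return ((self.iface is None or self.iface == iface)
                and (self.src is None or self.src == src)
                and (self.dport is None or self.dport == dport))


HOST_IP = "192.168.1.20"            # constructed address of the scanned host

# Constructed ruleset resembling a stock desktop firewall: loopback and the
# host's own traffic are trusted, everything else to 23/80 is dropped.
RULES = [
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", src=HOST_IP),
    Rule("DROP", dport=23),
    Rule("DROP", dport=80),
    Rule("DROP"),                   # default deny
]


def verdict(rules: List[Rule], iface: str, src: str, dport: int) -> str:
    """First-match semantics: return the action of the first matching rule."""
    for rule in rules:
        if rule.matches(iface, src, dport):
            return rule.action
    return "DROP"                   # no match: treat as denied


def reachable_ports(rules: List[Rule], iface: str, src: str,
                    ports: List[int]) -> List[int]:
    """Ports a probe from (iface, src) would actually reach, i.e. the ports
    a port scan launched from that vantage point could report as open."""
    return [p for p in ports if verdict(rules, iface, src, p) == "ACCEPT"]


PORTS = [23, 80]
# Scan from the host itself: both rules above let the probes straight through.
LOCAL_VIEW = reachable_ports(RULES, "lo", "127.0.0.1", PORTS)
# Scan from an outside address: the DROP rules are finally exercised.
EXTERNAL_VIEW = reachable_ports(RULES, "eth0", "203.0.113.7", PORTS)
```

Only the second scan tells you what the firewall is blocking, which is the externally originated check the reply recommends.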
