At 08:37 23/04/2000 -0400, Mark B Withers wrote:

Linux users:

I am paranoid about being port scanned. Mainly because I don't understand what exactly that is but I do wish to have as secure of a network as possible.

maybe you can use portsentry (Search it at www.freshmeat.net), to give you protection against port scanning. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/

On Sun, Apr 23, 2000 at 08:37:23AM -0400, Mark B Withers wrote:

Linux users:

I am paranoid about being port scanned. Mainly because I don't understand what exactly that is but I do wish to have as secure of a network as possible.

Port scanning is just checking which ports you have open on a system. There is no real danger in that by itself. The thing is, an open port indicates a service being offered, and most services are associated with a well-known port number (telnet on port 23, http on port 80, etc.). Thus, if someone knows that a well-known port is open then they can infer that a particular service is being offered. If they also happen to know of a bug in that service, then they can try to use that bug to break in, if they're that sort of person.

One thing I do is log on with all the accounts I intend to use on my Linux machine BEFORE I connect to the internet with ADSL.

That is not really necessary. If "they" can monitor your logins to your own box then you've already been cracked and have other things to worry about. :)

I simply haven't taken the time yet to read all the security literature that I have currently. Is there something that is more or less a quick read to get one started?

I wish I did, it would have been a big help. If you have something like nmap (there's an rpm on the SuSE CDs in the "sec" section) you can portscan yourself by typing, "nmap localhost". I recommend this. If you want to know more about how to protect your system there's nothing like looking at it from the crackers' point of view. If you're using a 2.2 kernel another thing you could do is add a couple ipchains rules to log _everything_ and view the resulting log files. I did this & it helped me a lot to understand how all the networking stuff works. Beware though, this will produce one line in the log for every packet! It can make the log grow quickly so make sure you have the space. /sbin/ipchains -I input -l /sbin/ipchains -I output -l ... will do the trick. Do that and then the nmap thing for example, or a little web surfing. To remove those rules, /sbin/ipchains -R input 1 /sbin/ipchains -R output 1 ... should work, assuming you haven't added any more rules. These just remove the 1st rules in the lists. I put these commands in a couple scripts so I could turn logging on and off easily whenever I wanted to experiment. /sbin/ipchains -L -nv .. will list the existing rules in all the chains without changing anything. If you're using the scripts from the SuSE firewall package, that last ipchains command is a good thing to do anyways. If you're going to use your box as a firewall you will have to learn ipchains at some point regardless, and you can use the firewall setup as an example. Of course, looking at the /sbin/init.d/firewall script is a good idea in this case as well.

I wish to have my Linux box as a firewall and the gateway eventually.

You might want to take a look at http://dslreports.com/ . They have a lot of resources for DSL. (Cable and other broadband people might find it interesting as well.) In particular, they link to http://www.secure-me.net/ from which you can request a scan be run against your box. This will give you a report you can use to help you evaluate your setup. -John -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/