<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.w">
<TITLE>The Answer Gang 68: Closing Ports</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer68.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer68.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A>
<A HREF="bios.html">bios</A>
<A HREF="1.html">1</A>
<A HREF="2.html">2</A>
<A HREF="3.html">3</A>
<A HREF="4.html">4</A>
<A HREF="5.html">5</A>
<A HREF="6.html">6</A>
<A HREF="7.html">7</A>
<A HREF="8.html">8</A>
<A HREF="9.html">9</A>
<A HREF="10.html">10</A>
<A HREF="11.html">11</A>
<A HREF="12.html">12</A>
</td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
here will <b>ever</b> be answered. Readers at confidential sites
must provide permission to publish. However, you can be published
anonymously - just let us know!
</font></em></p>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 10 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Closing Ports</H3>
<p><strong>From Saylormoon7
</strong></p>
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<!-- sig -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello, I'm new to the 'puter world and I have been hearing a lot
about "closing ports." What exactly does this mean? And how would I go about
checking for open ports and closing them? Again like I said I am new to all of
this. So if you can help me, please explain it in the simplest way you can.
Thank you for your time and help
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Mike]
A port is simply a positive integer the kernel uses to map a network
packet to the currently-running process (=application instance) it came
from or is going to. (This kind of port has nothing to do with the
physical ports on the back of your computer--serial, parallel, USB.) It
is not the Process ID (PID), because each process has only one PID but
it may have several network connections open simultaneously.
</BLOCKQUOTE>
<BLOCKQUOTE>
Your kernel has ports numbered from 1 to somewhere above 60000. Each
port is either open (currently in use) or closed (not in use). Most
ports are used as endpoints for current connections (every connection
has one local port on your computer and one remote port on the other
computer), but the ports you're interested in are the ones open in
"listening" mode. Listening means that there's no particular "other
end" of the connection--the server is waiting for a client to come along
and use it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Think of prostitutes waiting on a street corner. The only difference
is that when a client <EM>does</EM> come up, the hooker (or rent boy) clones
herself (himself), and the clone walks off with the customer, while the
original continues waiting for the next customer.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course, programs have bugs, and a smart
cr@cKeR knows which versions
of which programs have exploitable vulnerabilities. So he'll go
scouring around the net looking for computers running vulnerable
services. Say you're running a version of Sendmail that has a certain
security weakness. The cracker finds it, and you're dead. But say you
don't need Sendmail running on that particular computer, so you turn it
off. The cracker comes along, gets a "Connection refused" error, and
curses the darkness. The port is closed, meaning there's no
application running to receive his request, so the kernel can do
nothing but say, "Sorry, nobody's home." Frustrated, the cracker goes and
bothers somebody else's computer instead.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another trick some crackers do is to portscan the computer. This means
he'll try to connect to every possible port. Most will be rejected, but
at least he'll know which ones are listening. Then he can concentrate
his attack on those ports. Usually, he doesn't care about those
applications in themselves; he just wants to force the program into an
error condition such as a buffer overrun in such a way that it fools the
computer into giving him a root shell. Then he can try to crack the US
National Security Agency, and the guys in black suits will come knocking
at <EM>your</EM> door thinking it was you.
</BLOCKQUOTE>
<BLOCKQUOTE>
Closing ports is something you can do yourself: simply turn off all services you
don't have to have running on that machine. To combat portscanning,
you can use various software tools which log the attempt and/or raise
an alert. Some of these programs are described in the Linux Gazette
articles below. The articles also include other security tips for
keeping the bad guys out of your servers.
</BLOCKQUOTE>
<blockQuote><ul>
<LI><A HREF="../../issue65/stumpel.html"
>http://www.linuxgazette.com/issue65/stumpel.html</A>
<LI><A HREF="../../issue56/flechtner.html"
>http://www.linuxgazette.com/issue56/flechtner.html</A>
<LI><A HREF="../../issue58/tag/7.html"
>http://www.linuxgazette.com/issue58/tag/7.html</A>
<LI><A HREF="../../issue51/nielsen.html"
>http://www.linuxgazette.com/issue51/nielsen.html</A>
<LI><A HREF="../../issue54/stoddard.html"
>http://www.linuxgazette.com/issue54/stoddard.html</A>
<LI><A HREF="../../issue55/stoddard.html"
>http://www.linuxgazette.com/issue55/stoddard.html</A>
</ul></blockQuote>
<BLOCKQUOTE>
The last three articles are listed in chronological order and perhaps
give the best background.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can also poke around <A HREF="http://www.securityportal.com"
>http://www.securityportal.com</A> for similar
security tips.
</BLOCKQUOTE>
<!-- end 10 -->
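<P>Added example (not part of the original column or of Mike's answer): on Linux the kernel's table of IPv4 TCP sockets can be read from /proc/net/tcp, and the ports the answer calls "listening" are the rows whose state code is 0A. The Python below decodes that table and separates listeners from ordinary connections; the sample rows are constructed, and the address decoding assumes a little-endian host such as x86.</P>

```python
import ipaddress
import os
import socket
import struct

TCP_LISTEN = 0x0A  # kernel state code for a socket in listening mode

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1203
"""


def decode_endpoint(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631).

    Assumption: little-endian host (e.g. x86), where the kernel prints the
    IPv4 address bytes reversed. The port is plain big-endian hex.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return one dict per socket in LISTEN state, skipping live connections."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue
        ip, port = decode_endpoint(cols[1])
        found.append({
            "ip": ip,
            "port": port,
            "uid": int(cols[7]),  # user ID that owns the listening socket
            # Loopback-only listeners cannot be reached from other machines.
            "remote_reachable": not ipaddress.ip_address(ip).is_loopback,
        })
    return found


if __name__ == "__main__":
    path = "/proc/net/tcp"  # IPv4 only; IPv6 listeners are in /proc/net/tcp6
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for s in listening_sockets(text):
        scope = "network" if s["remote_reachable"] else "this machine only"
        print(f"port {s['port']:5d} on {s['ip']:<15} uid {s['uid']} ({scope})")
```

<P>Any port it reports for a service you do not need is a candidate for the "turn it off" step described in the answer.</P>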
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2001
<BR>Published in issue 68 of <I>Linux Gazette</I> July 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<P> <hr>
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->