<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.3E.w">
<TITLE>The Answer Gang 68: Closing Ports</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer68.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer68.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A> &nbsp;
<A HREF="bios.html">bios</A> &nbsp;
<A HREF="1.html">1</A> &nbsp;
<A HREF="2.html">2</A> &nbsp;
<A HREF="3.html">3</A> &nbsp;
<A HREF="4.html">4</A> &nbsp;
<A HREF="5.html">5</A> &nbsp;
<A HREF="6.html">6</A> &nbsp;
<A HREF="7.html">7</A> &nbsp;
<A HREF="8.html">8</A> &nbsp;
<A HREF="9.html">9</A> &nbsp;
<A HREF="10.html">10</A> &nbsp;
<A HREF="11.html">11</A> &nbsp;
<A HREF="12.html">12</A>
</td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and the Gang,
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
</H4>
<p><em><font color="#990000">There is no guarantee that your questions
here will <b>ever</b> be answered. Readers at confidential sites
must provide permission to publish. However, you can be published
anonymously - just let us know!
</font></em></p>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 10 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Closing Ports</H3>
<p><strong>From Saylormoon7
</strong></p>
<p align="right"><strong>Answered By Mike Orr
<br></strong></p>
<!-- sig -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello, I'm new to the 'puter world and I have been hearing a lot
about "closing ports." What exactly does this mean? And how would I go about
checking for open ports and closing them? Again like I said I am new to all of
this. So if you can help me, please explain it in the simplest way you can.
Thank you for your time and help
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Mike]
A port is simply a positive integer the kernel uses to map a network
packet to the currently-running process (=application instance) it came
from or is going to. (This kind of port has nothing to do with the
physical ports on the back of your computer--serial, parallel, USB.) It
is not the Process ID (PID), because each process has only one PID but
it may have several network connections open simultaneously.
</BLOCKQUOTE>
<BLOCKQUOTE>
Your kernel has ports numbered from 1 to somewhere above 60000. Each
port is either open (currently in use) or closed (not in use). Most
ports are used as endpoints for current connections (every connection
has one local port on your computer and one remote port on the other
computer), but the ports you're interested in are the ones open in
"listening" mode. Listening means that there's no particular "other
end" of the connection--the server is waiting for a client to come along
and use it.
</BLOCKQUOTE>
<BLOCKQUOTE>
Think of prostitutes waiting on a street corner. The only difference
is that when a client <EM>does</EM> come up, the hooker (or rent boy) clones
herself (himself), and the clone walks off with the customer, while the
original continues waiting for the next customer.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course, programs have bugs, and a smart
cr@cKeR knows which versions
of which programs have exploitable vulnerabilities. So he'll go
scouring around the net looking for computers running vulnerable
services. Say you're running a version of Sendmail that has a certain
security weakness. The cracker finds it, and you're dead. But say you
don't need Sendmail running on that particular computer, so you turn it
off. The cracker comes along, gets a "Connection refused" error, and
curses the darkness. The port is closed, meaning there's no
application running to receive his request, so the kernel can do
nothing but say, "Sorry, nobody's home." Frustrated, the cracker goes and
bothers somebody else's computer instead.
</BLOCKQUOTE>
<BLOCKQUOTE>
Another trick some crackers do is to portscan the computer. This means
he'll try to connect to every possible port. Most will be rejected, but
at least he'll know which ones are listening. Then he can concentrate
his attack on those ports. Usually, he doesn't care about those
applications in themselves; he just wants to force the program into an
error condition such as a buffer overrun in such a way that it fools the
computer into giving him a root shell. Then he can try to crack the US
National Security Agency, and the guys in black suits will come knocking
at <EM>your</EM> door thinking it was you.
</BLOCKQUOTE>
<BLOCKQUOTE>
Closing ports is something you can do yourself: simply turn off all services you
don't have to have running on that machine. To combat portscanning,
you can use various software tools which log the attempt and/or raise
an alert. Some of these programs are described in the Linux Gazette
articles below. The articles also include other security tips for
keeping the bad guys out of your servers.
</BLOCKQUOTE>
<blockQuote><ul>
<LI><A HREF="../../issue65/stumpel.html"
>http://www.linuxgazette.com/issue65/stumpel.html</A>
<LI><A HREF="../../issue56/flechtner.html"
>http://www.linuxgazette.com/issue56/flechtner.html</A>
<LI><A HREF="../../issue58/tag/7.html"
>http://www.linuxgazette.com/issue58/tag/7.html</A>
<LI><A HREF="../../issue51/nielsen.html"
>http://www.linuxgazette.com/issue51/nielsen.html</A>
<LI><A HREF="../../issue54/stoddard.html"
>http://www.linuxgazette.com/issue54/stoddard.html</A>
<LI><A HREF="../../issue55/stoddard.html"
>http://www.linuxgazette.com/issue55/stoddard.html</A>
</ul></blockQuote>
<BLOCKQUOTE>
The last three articles are listed in chronological order and perhaps
give the best background.
</BLOCKQUOTE>
<BLOCKQUOTE>
You can also poke around <A HREF="http://www.securityportal.com"
>http://www.securityportal.com</A> for similar
security tips.
</BLOCKQUOTE>
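<P>
Added example (not part of Mike's answer or of Linux Gazette): on Linux the kernel's table of TCP sockets is readable at /proc/net/tcp, and the listening ports described above are the rows whose state column is 0A. The sample table is constructed, and the address decoding assumes a little-endian host such as x86.
</P>

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A00A8C0:0016 0B00A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
"""

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket


def decode_addr(field):
    """Turn '0100007F:0277' into ('127.0.0.1', 631)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: little-endian host (x86), so the address bytes are reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_ports(table):
    """Return sorted (port, bind_address, reachable_from_network) tuples."""
    found = []
    for line in table.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue                         # connected sockets are not listeners
        ip, port = decode_addr(cols[1])
        # A listener bound to 127.x.x.x only accepts local clients.
        found.append((port, ip, not ip.startswith("127.")))
    return sorted(found)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:    # IPv4 TCP only; tcp6 has its own file
            table = fh.read()
    except OSError:
        table = SAMPLE                       # fall back to the constructed sample
    for port, ip, exposed in listening_ports(table):
        scope = "reachable from the network" if exposed else "local only"
        print(f"port {port:5d} listening on {ip} ({scope})")
```

<P>
Any port reported as reachable from the network whose service you do not need is a candidate for turning off, as the answer describes.
</P>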
<!-- end 10 -->
<!--startcut ======================================================= -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 2001
<BR>Published in issue 68 of <I>Linux Gazette</I> July 2001</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<P> <hr>
<P> <hr>
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->