How do I know?


Chuckie
01-07-2000, 10:49 AM
What exactly does one do from another computer to test the security of mine? In other words, I have a Windows box networked with the Linux box so what do I do to test how secure the Linux box is?

MkIII_Supra
01-07-2000, 10:59 AM
I can't remember the program name, but there is a port scanner for M$. Download and install it, then conduct a port scan of your system. Or you could find a trusted source and have them conduct the port scan with another Linux box and nmap.

------------------
The Dragon is swift and powerful. Beware his wrath...
Guns don't kill, idiots with guns kill! I think I'll have another beer!
Home Page: http://home.san.rr.com/mk3supra

Chuckie
01-07-2000, 02:03 PM
This is my situation:
I have a Windows box accessing the internet through the Linux box and IP masquerading. I got a port scanner for Windows, ran it on the IP address of the Linux box, and there were a lot of ports open. The last one was BO2K, on port 5xxxx, which got me spooked. I can't remember exactly what port, because I tried scanning again, but nothing happened. From then on, until I typed ifconfig eth1 down and ifconfig eth1 up, the Windows box was banned from all connections to my Linux box. A curious thing. Is that what portsentry does? Also, doesn't fakeBO emulate BO on UDP port 31337? I can't see BO when I scan myself, but I can see it when I scan from someone else for some reason.

Thanks!

Chuckie
01-07-2000, 02:05 PM
Also, if I scan my IP address instead of localhost/127.0.0.1, portsentry bans ME from all connections too, which means I can't access the internet.

slimy
01-07-2000, 04:17 PM
Portsentry is designed to detect port scans, and block the offending IP (the IP of the person who performed the portscan).

There is a problem with this, however.
Let's assume that I connect to my bank's web server to do a couple of transfers. Someone sniffs the traffic, and sees my connection to the bank. They can't get my data, since the connection is encrypted, but they can see the packet headers. They see my IP, and the bank's IP. They port scan me, but spoof the source IP to that of my bank. PortSentry sees the port scan and blocks the offending IP, which is the same IP as the bank's web site. Suddenly, I can't exchange traffic with my bank!

Chuckie
01-07-2000, 04:34 PM
About banks...how safe are online transactions? And how do secure connections work?

Sensei
01-07-2000, 05:58 PM
yeh i tried using portsentry on the LNO server and sendmail shutdown completely...

but supposedly you can config it the way you want it to work.

gotta really read more on portsentry before implementing it in full.

------------------
Sensei
Join the Linuxnewbie.org SETI Black Belts!
http://setiathome.ssl.berkeley.edu/cgi-bin/cgi?cmd=team_join_form&id=11027

slimy
01-07-2000, 06:05 PM
Bank transactions are typically safe, since they tend to use https (secure http). For example, my bank won't even let you sign up if your browser doesn't support 128-bit encryption. Yes, your packets can be looked at by anyone, but only the header can be understood. The data portion of the https packets is encrypted. Just be sure to use a good (i.e. random) password!

Oz
01-07-2000, 06:40 PM
Well, portsentry will use tcpwrappers, so all you need to do is add the IP you want to accept (no matter what you do, even scans) to /etc/hosts.allow. If you already have an IP that is banned, then you must delete it from /etc/hosts.deny before you add it to the hosts.allow file.
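
Added example, not part of the original thread: a small audit for the situation slimy and Oz describe, where a host you depend on has ended up in the deny file after a scan that carried its address. It assumes IPv4 deny entries of the form `ALL: <ip>` and a hypothetical file listing trusted IPs one per line; the function names and all addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes IPv4 deny entries shaped like
# "ALL: 192.0.2.10" (daemon list, colon, client list) and a file of trusted
# IPs, one per line. All addresses below are constructed sample data.

# deny_clients FILE: print every client token in a hosts.deny-style file.
deny_clients() {
    awk -F: '/^[ \t]*(#|$)/ { next }
        NF >= 2 { n = split($2, c, /[ \t,]+/)
                  for (i = 1; i <= n; i++) if (c[i] != "") print c[i] }' "$1"
}

# blocked_trusted DENY TRUSTED: print trusted IPs that are currently denied.
# -Fx compares whole tokens, so 192.0.2.1 does not match 192.0.2.10.
blocked_trusted() {
    deny_clients "$1" | { grep -Fx -f "$2" || true; } | sort -u
}

# unblock DENY IP: rewrite DENY in place without IP, keeping comments and
# other clients; a rule whose client list becomes empty is dropped.
unblock() {
    tmp=$(mktemp) || return 1
    awk -F: -v ip="$2" '/^[ \t]*(#|$)/ { print; next }
        NF >= 2 { n = split($2, c, /[ \t,]+/); keep = ""; rest = ""
                  for (i = 1; i <= n; i++)
                      if (c[i] != "" && c[i] != ip) keep = keep " " c[i]
                  if (keep == "") next
                  for (i = 3; i <= NF; i++) rest = rest ":" $i
                  print $1 ":" keep rest; next }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# added by scan detector' 'ALL: 192.0.2.10' \
        'ALL: 192.0.2.1' 'ALL: 198.51.100.7' > "$d/hosts.deny"
    printf '%s\n' '192.0.2.1' '203.0.113.5' > "$d/trusted"
    for ip in $(blocked_trusted "$d/hosts.deny" "$d/trusted"); do
        echo "trusted host $ip is denied; removing it"
        unblock "$d/hosts.deny" "$ip"
    done
    cat "$d/hosts.deny"; rm -rf "$d"
}
demo
```

The demo works on temporary copies only; pointing `blocked_trusted` at the real /etc/hosts.deny is read-only, while `unblock` rewrites the file it is given.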

mka
12-31-2000, 02:51 AM
I think you can also specify in .../portsentry/portsentry.ignore IP addies that you want portsentry to ignore.

At least that's what I understood from the file!



------------------
mka

George W. Bush: "A key to foreign policy is to rely on reliance."

cs25x
12-31-2000, 03:11 AM
You have to put your localhost in ignore for portsentry; it should be there already along with 0.0.0.0. nmap is the tool to use.
There are sites that scan you if you ask; search for "portscan secure". I think one is called insecure.com or something like it. That is where nmap comes from. Turn off portsentry before you try it, because all that will happen is they will be shut out and you will get a perfect score. It is possible to get a perfect score without portsentry, and that is what you should aim for. After you do that, try another site; some scans are more equal. Then turn portsentry back on.

Happy new year.

010101010