[Gllug] Security & closing ports on certain interfaces.

Zverina, David David.Zverina at uk.wmmercer.com
Thu Feb 14 10:55:05 UTC 2002


Setup packet filtering

ipchains -A input -p tcp --destination-port 6000 -i ppp0 -j DENY

The above line will discard tcp packets that are:
1. Incoming and addressed to port 6000 (X) and
2. come in along the ppp0 interface.

Repeat for any other ports that you want to filter.


Then stick these commands into /etc/rc.d/rc.local so that you are
automatically protected whenever you reboot.

Cheers,

Dave.

-----Original Message-----
From: Jackson, Harry [mailto:HJackson at colt-telecom.com] 
Sent: 14 February 2002 10:39
To: 'gllug at linux.co.uk'
Subject: RE: [Gllug] Security & closing ports on certain interfaces.




> -----Original Message-----
> From: Paul Brazier [mailto:pbrazier at cosmos-uk.co.uk]
> 
> If I nmap my home PC (RedHat 7.1) from outside with the 
> firewall down I
> see the X11, SMTP and sunrpc ports open.
> I only use postfix to send out mail (it comes in by pop3).
> I need sunrpc to use NFS on my internal network.
> 
> Is it possible to configure these services so they only advertise
> themselves as open on my lo and eth0 interfaces (i.e. not on the ppp0
> interface)?
> If so is it generally speaking just some options in the
> /etc/<service>.conf files??
> 
> I've tried things like xhost and /etc/hosts.allow and /etc/hosts.deny
> and /etc/postfix/main.cf but although I think they stop anyone
> connecting without authority they still seem to advertise the ports as
> open to nmap.
> 
> I know I can shut them off with a firewall but I'm going for a
> belt-and-braces approach.

Xinetd is the obvious choice, but the way I did it was to find the
configuration file for each service and look for the following strings,
either in that file or in its man page.

interface
eth0
bind
listen
secur

This normally found the thing that I needed to change to get the service in
question to only listen on internal devices. I have not mastered Xinetd for
all my services yet, but it is on my to-do list. I have also got an iptables
firewall that allows me to connect out using http via squid and pop3 but
blocks all incoming connections. I also use the following command to see
what is listening on my machine, as it is quicker than nmap:


$ netstat -pan --inet


Anything with 0.0.0.0 and LISTEN on the same line means that it is visible
and open to external sources; see the man page for a more thorough explanation.

Harry
What are the advantages of using NFS over samba?
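As an added example (not code from either post), the shell snippet below ties Harry's netstat check to Dave's ipchains rule: it picks out TCP sockets in LISTEN state bound to the wildcard address 0.0.0.0 and prints the matching DENY rule for the ppp0 interface. The netstat output is constructed, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Constructed sample of `netstat -pan --inet` output (not real output).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      812/X
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      901/master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      455/portmap
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1020/cupsd
tcp        0      0 192.168.1.5:22          192.168.1.7:40211       ESTABLISHED 1133/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           455/portmap'

# Print "port program" for every TCP socket in LISTEN state whose local
# address is 0.0.0.0, i.e. bound to every interface, ppp0 included.
# Sockets bound to 127.0.0.1 or a LAN address are left out on purpose.
wildcard_tcp_listeners() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /^0\.0\.0\.0:/ {
        split($4, a, ":"); print a[2], $7
    }'
}

# Emit one ipchains rule per wildcard listener, denying inbound TCP to that
# port on the given external interface (the rule form from Dave's message).
ipchains_deny_rules() {
    iface="$2"
    wildcard_tcp_listeners "$1" | while read -r port prog; do
        printf 'ipchains -A input -p tcp --destination-port %s -i %s -j DENY\n' "$port" "$iface"
    done
}

ipchains_deny_rules "$SAMPLE_NETSTAT" ppp0
```

The printed lines are what you would review and then drop into /etc/rc.d/rc.local; the X11, SMTP and sunrpc ports from the original question show up because all three are bound to 0.0.0.0.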




-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug


