Mailing List Archive



Re: [tlug] Does Linux need, or have, a firewall?



Edward, Joe,

    Thank you for responding.

Joe Larabell wrote:

>On Wed, 22 Feb 2006, Dave Gutteridge wrote:
>
>>It doesn't say anything about aMule on port 80.
>
>Sure it does

Aha! www = port 80. I didn't make that connection, though I should have. 
Thank you for pointing that out.

>It shows aMule is making an outgoing connection on port 80 (www) to 
>83.149.123.189. The firestarter screenshot confirms the direction of the 
>connection.

That's a little scary. Partly because someone upthread said only root 
users should be able to use port 80, and partly because if aMule is 
connecting outward to the web without really telling me about it, 
perhaps it's some kind of spyware activity? Don't mean to be paranoid, 
but I'm not keen on running that application again until I know what 
it's doing on that port and if I have the option to stop it or not.

>It also looks like aMule is listening on 4662, just like you expect.

That is good. And if I'm not mistaken, it is also sending data out on 
4665 and 4672, UDP, as it should.

So if the router and firewall aren't stopping these ports, why can't I 
get a highID?

>In which case, maybe the output from the command 'iptables -L' would give 
>a better idea of what's currently allowed and what's not.

Got the output from that command, but of course it is beyond me:

dave@example.com:~$ sudo iptables -L
Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4662
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4662
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4672
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4672
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4665
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4665
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-svc
ACCEPT     udp  --  anywhere             anywhere            udp dpt:gnutella-svc
LSI        all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  warpstar-575b08      anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  warpstar-575b08      anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             192.168.0.255
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
LSI        all  -f  anywhere             anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere             anywhere
INBOUND    all  --  anywhere             192.168.0.102
INBOUND    all  --  anywhere             192.168.0.102
INBOUND    all  --  anywhere             192.168.0.255
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            limit: avg 10/sec burst 5
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     tcp  --  anywhere             192.168.0.3         tcp dpt:4665
ACCEPT     udp  --  anywhere             192.168.0.3         udp dpt:4665
ACCEPT     tcp  --  anywhere             192.168.0.3         tcp dpt:4672
ACCEPT     udp  --  anywhere             192.168.0.3         udp dpt:4672
ACCEPT     tcp  --  anywhere             192.168.0.3         tcp dpt:4662
ACCEPT     udp  --  anywhere             192.168.0.3         udp dpt:4662
ACCEPT     tcp  --  anywhere             192.168.0.102       tcp dpt:gnutella-svc
ACCEPT     udp  --  anywhere             192.168.0.102       udp dpt:gnutella-svc
OUTBOUND   all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             192.168.0.0/24      state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             192.168.0.0/24      state RELATED,ESTABLISHED
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Forward'

Chain LOG_FILTER (5 references)
target     prot opt source               destination

Chain LSI (2 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP       icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP       all  --  anywhere             anywhere

Chain LSO (0 references)
target     prot opt source               destination
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.102        warpstar-575b08     tcp dpt:domain
ACCEPT     udp  --  192.168.0.102        warpstar-575b08     udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP       all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  anywhere             0.0.0.0
DROP       all  --  anywhere             anywhere            state INVALID
OUTBOUND   all  --  anywhere             anywhere
OUTBOUND   all  --  anywhere             anywhere
LOG_FILTER  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Unknown Output'

--
Dave M G
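
Added example, not part of the original message: a small Python parser for plain `iptables -L` output like the listing above. It lists the destination ports a chain accepts and flags "ACCEPT all anywhere anywhere" rules, which can look unconditional only because plain `-L` omits the interface columns (`iptables -L -v -n` shows them). The function names and the SAMPLE excerpt are assumptions made for illustration.

```python
import re

# Constructed excerpt shaped like the listing in the post (wrapped lines rejoined).
SAMPLE = """\
Chain INBOUND (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4662
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4672
LSI        all  --  anywhere             anywhere

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
INBOUND    all  --  anywhere             anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")
FIELDS = ("target", "prot", "opt", "src", "dst")

def parse_chains(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.strip().split(None, 5)  # five columns, then the match text
        if current is not None and len(f) >= 5 and f[0] != "target":
            rule = dict(zip(FIELDS, f))
            rule["extra"] = f[5] if len(f) > 5 else ""
            current["rules"].append(rule)
    return chains

def open_ports(chains, name):
    """(proto, port) pairs the chain ACCEPTs by destination port."""
    return [(r["prot"], m.group(1)) for r in chains[name]["rules"]
            if r["target"] == "ACCEPT" and (m := re.search(r"dpt:(\S+)", r["extra"]))]

def unqualified_accepts(chains, name):
    """1-based positions of ACCEPT-everything rules with no visible match."""
    # Plain `iptables -L` hides interface columns, so the rule may be loopback-only.
    return [i for i, r in enumerate(chains[name]["rules"], 1)
            if [r[k] for k in FIELDS if k != "opt"] + [r["extra"]]
            == ["ACCEPT", "all", "anywhere", "anywhere", ""]]

if __name__ == "__main__":
    parsed = parse_chains(SAMPLE)
    print(open_ports(parsed, "INBOUND"), unqualified_accepts(parsed, "INPUT"))
```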

