Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > A question that has been asked a 100 times before

Reply
Thread Tools

A question that has been asked a 100 times before

 
 
Amamba
Guest
Posts: n/a
 
      09-27-2005
I'll still ask it, though, as I found lots of conflicting answers.

I used to be running a Win XP behind Sygate f/w on cable modem.

Open port scans were showing all ports as stealthed.

I have recently bought a US Robotics 5461 router. I did not select the
option to have it configured through Web connection.

Now, port 80 shows as open. (I am using Sygate's SOS site).

It is my understanding that port 80 is open on the router and not on my
PC, and that all outside requests sent to this port would "die" in the
router; is this assumption correct, or is this open port an issue ?

Another question: I set up Linux (Ubiuntu) as a second boot option. I
know very little about it and don't yet know how to set up a firewall.
Does the router itself provide enough protection ? Is there a firewall
for Linux that is user friendly enough (i.e. has a GUI interface and
doesn't require advance programming skills to setup) ?

Thanks !

 
Reply With Quote
 
 
 
 
Hairy One Kenobi
Guest
Posts: n/a
 
      09-27-2005
"Amamba" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I'll still ask it, though, as I found lots of conflicting answers.
>
> I used to be running a Win XP behind Sygate f/w on cable modem.
>
> Open port scans were showing all ports as stealthed.
>
> I have recently bought a US Robotics 5461 router. I did not select the
> option to have it configured through Web connection.
>
> Now, port 80 shows as open. (I am using Sygate's SOS site).


This is a web site, right? One that you're connected to on port 80, right?
(Hint, hint ;o)

That said, it's still worth checking that the admin port isn't open to the
outside world. I very much doubt that it is (after hearing incessant rumours
about this being the case, I've yet to see a single example. And I've dealt
with a lot of routers, over the years...)

> Another question: I set up Linux (Ubiuntu) as a second boot option. I
> know very little about it and don't yet know how to set up a firewall.
> Does the router itself provide enough protection ? Is there a firewall
> for Linux that is user friendly enough (i.e. has a GUI interface and
> doesn't require advance programming skills to setup) ?


There is, but I'll let someone with better experience of that distro
contribute.

Personally, I'm happy with a hardware-based setup (like yours, both my
routers have Stateful Packet Inspection: i.e. a built-in firewall). Your
situation may be very different (I don't tend to visit too many "dodgy" web
sites, for one thing, or run P2P).

In your case, I'd be more concerned with locking-down the wireless part of
the router.

HTH

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      09-27-2005
From: "Amamba" <(E-Mail Removed)>

| I'll still ask it, though, as I found lots of conflicting answers.
|
| I used to be running a Win XP behind Sygate f/w on cable modem.
|
| Open port scans were showing all ports as stealthed.
|
| I have recently bought a US Robotics 5461 router. I did not select the
| option to have it configured through Web connection.
|
| Now, port 80 shows as open. (I am using Sygate's SOS site).
|
| It is my understanding that port 80 is open on the router and not on my
| PC, and that all outside requests sent to this port would "die" in the
| router; is this assumption correct, or is this open port an issue ?
|
| Another question: I set up Linux (Ubiuntu) as a second boot option. I
| know very little about it and don't yet know how to set up a firewall.
| Does the router itself provide enough protection ? Is there a firewall
| for Linux that is user friendly enough (i.e. has a GUI interface and
| doesn't require advance programming skills to setup) ?
|
| Thanks !

Disable all WAN administrative access on the Router. You should NOT be able to administrate
the Router or upgrade the FirmWare of the Router from the WAN side. It should only be done
from the LAN side.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
Amamba
Guest
Posts: n/a
 
      09-27-2005
Thanks for all replies.

>>This is a web site, right? One that you're connected to on port 80, right?
>>(Hint, hint ;o)


When I had my computer connected to the LAN directly w/o router, port
80 would show up as closed, with Sygate running. Wouldn't it be the
same situation ?

As for WAN administration, it indeed is disabled.

 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      09-27-2005
From: "Amamba" <(E-Mail Removed)>

| Thanks for all replies.
|
>>> This is a web site, right? One that you're connected to on port 80, right?
>>> (Hint, hint ;o)

|
| When I had my computer connected to the LAN directly w/o router, port
| 80 would show up as closed, with Sygate running. Wouldn't it be the
| same situation ?
|
| As for WAN administration, it indeed is disabled.

If you run a Port Scan from the POV of the Internet, the port scanner is looking at the
Router, not any PC on the LAN side of the Router. Therefore if TCP Port 80 is open then the
Router has it open.

Are you sure that all administrative services of said Router are disabled for the WAN ?

Are you port forwarding TCP Port 80 to a node on the LAN ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
 
Reply With Quote
 
Moe Trin
Guest
Posts: n/a
 
      09-27-2005
In the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed) .com>, Amamba wrote:

>Open port scans were showing all ports as stealthed.


Useless - play with 'traceroute' and see why.

>I have recently bought a US Robotics 5461 router. I did not select the
>option to have it configured through Web connection.
>
>Now, port 80 shows as open. (I am using Sygate's SOS site).


So, point your browser to the external address - and what do you see?

>It is my understanding that port 80 is open on the router and not on my
>PC, and that all outside requests sent to this port would "die" in the
>router; is this assumption correct, or is this open port an issue ?


If it's open, then _something_ is listening. What? Even if it's some
crappy "under construction" web page (it could also be the router
configuration too, which is why you should try to look at it), it's
probably not the greatest idea to have it open.

>Another question: I set up Linux (Ubiuntu) as a second boot option. I
>know very little about it and don't yet know how to set up a firewall.
>Does the router itself provide enough protection ?


If "nothing" is open on the router, and no server function is being forwarded,
you are probably OK. On the Ubuntu box, find a command line and type

netstat -tupan

to find out what is open there. There should not be much - possibly 113
(auth) used by IRC clients, and may be needed by other services like mail.
You _may_ see port 6000 open, which is the X server (your GUI).
You may also have installed a program called 'nmap' which is

[compton ~]$ whatis nmap
nmap (1) - Network exploration tool and security scanner
[compton ~]$

>Is there a firewall for Linux that is user friendly enough (i.e. has a
>GUI interface and doesn't require advance programming skills to setup) ?


Web Results 1 - 10 of about 6,640,000 for Linux firewall configuration
tool. (0.29 seconds)

Web Results 1 - 10 of about 235,000 for Ubuntu Linux firewall
configuration tool. (0.26 seconds)

The firewall is built into the kernel. What you are looking for is some
crappy tool to configure it, and there are literally hundreds of them.
Even the base '/sbin/iptables' doesn't require programming skills, though
common sense would be helpful. Did you look at the HOWTOs? If you installed
them, there are over 470 documents including such things as

-rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
-rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO

You posted from google.groups, though your address shows comcast. Both carry
many Linux newsgroups, include such gems as

comp.os.linux.misc Linux-specific topics not covered by other groups.
comp.os.linux.networking Networking and communications under Linux.
comp.os.linux.security Security and the GNU/Linux Operating System.
comp.os.linux.setup Linux installation and system administration.

So far, I haven't seen a Ubuntu specific newsgroup, but it's a clone of
Debian, and your comcast server should have 175 newsgroups with the word
'debian' in the title (and 1100+ that have the word 'linux' in the title).

Old guy
 
Reply With Quote
 
Imhotep
Guest
Posts: n/a
 
      09-27-2005
Amamba wrote:

> I'll still ask it, though, as I found lots of conflicting answers.
>
> I used to be running a Win XP behind Sygate f/w on cable modem.
>
> Open port scans were showing all ports as stealthed.
>
> I have recently bought a US Robotics 5461 router. I did not select the
> option to have it configured through Web connection.
>
> Now, port 80 shows as open. (I am using Sygate's SOS site).
>
> It is my understanding that port 80 is open on the router and not on my
> PC, and that all outside requests sent to this port would "die" in the
> router; is this assumption correct, or is this open port an issue ?


Check that your router does not allow configuration from the Internet...

> Another question: I set up Linux (Ubiuntu) as a second boot option. I
> know very little about it and don't yet know how to set up a firewall.
> Does the router itself provide enough protection ? Is there a firewall
> for Linux that is user friendly enough (i.e. has a GUI interface and
> doesn't require advance programming skills to setup) ?
>
> Thanks !


 
Reply With Quote
 
John Hyde
Guest
Posts: n/a
 
      09-28-2005
on 9/27/2005 1:01 PM Moe Trin said the following:
> In the Usenet newsgroup alt.computer.security, in article
> <(E-Mail Removed) .com>, Amamba wrote:
>
>
>>Open port scans were showing all ports as stealthed.

>
>
> Useless - play with 'traceroute' and see why.
>
>
>>I have recently bought a US Robotics 5461 router. I did not select the
>>option to have it configured through Web connection.
>>
>>Now, port 80 shows as open. (I am using Sygate's SOS site).

>
>
> So, point your browser to the external address - and what do you see?
>
>
>>It is my understanding that port 80 is open on the router and not on my
>>PC, and that all outside requests sent to this port would "die" in the
>>router; is this assumption correct, or is this open port an issue ?

>
>
> If it's open, then _something_ is listening. What? Even if it's some
> crappy "under construction" web page (it could also be the router
> configuration too, which is why you should try to look at it), it's
> probably not the greatest idea to have it open.
>
>
>>Another question: I set up Linux (Ubiuntu) as a second boot option. I
>>know very little about it and don't yet know how to set up a firewall.
>>Does the router itself provide enough protection ?

>
>
> If "nothing" is open on the router, and no server function is being forwarded,
> you are probably OK. On the Ubuntu box, find a command line and type
>
> netstat -tupan
>
> to find out what is open there. There should not be much - possibly 113
> (auth) used by IRC clients, and may be needed by other services like mail.
> You _may_ see port 6000 open, which is the X server (your GUI).
> You may also have installed a program called 'nmap' which is
>
> [compton ~]$ whatis nmap
> nmap (1) - Network exploration tool and security scanner
> [compton ~]$
>
>
>>Is there a firewall for Linux that is user friendly enough (i.e. has a
>>GUI interface and doesn't require advance programming skills to setup) ?

>
>
> Web Results 1 - 10 of about 6,640,000 for Linux firewall configuration
> tool. (0.29 seconds)
>
> Web Results 1 - 10 of about 235,000 for Ubuntu Linux firewall
> configuration tool. (0.26 seconds)
>
> The firewall is built into the kernel. What you are looking for is some
> crappy tool to configure it, and there are literally hundreds of them.
> Even the base '/sbin/iptables' doesn't require programming skills, though
> common sense would be helpful. Did you look at the HOWTOs? If you installed
> them, there are over 470 documents including such things as
>
> -rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
> -rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO
>


Great resource. But the problem is that the HOWTOs are not that easy to
read. In fact my last attempt to configure a linux box "failed" because
the HOWTOs were too dense for me. I'm a pretty smart guy, but I have
limited expertise in computers. Just lots of interest.

(I'm getting ready to try to dual boot my laptop soon. Always hopeful,
maybe I'll be able to do better this time . . . Time, ah yes, that's the
issue . . ..)

JH
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem in running a basic code in python 3.3.0 that includes HTML file Satabdi Mukherjee Python 1 04-04-2013 07:48 PM
Tetration (print 100^100^100^100^100^100^100^100^100^100^100^100^100^100) jononanon@googlemail.com C Programming 5 04-25-2012 08:49 PM
A question for you that has never been asked before since it was the last time! Knowledge Computer Support 9 11-25-2006 11:34 PM
The question probably asked a 100 times before.. Amamba Digital Photography 2 01-10-2006 11:45 AM
Advice on VOIP Service - Sorry if this has been asked 100 times before Don VOIP 4 01-07-2006 07:30 PM



Advertisments