A question that has been asked a 100 times before

Discussion in 'Computer Security' started by Amamba, Sep 27, 2005.

  1. Amamba

    Amamba Guest

    I'll still ask it, though, as I found lots of conflicting answers.

    I used to be running a Win XP behind Sygate f/w on cable modem.

    Open port scans were showing all ports as stealthed.

    I have recently bought a US Robotics 5461 router. I did not select the
    option to have it configured through Web connection.

    Now, port 80 shows as open. (I am using Sygate's SOS site).

    It is my understanding that port 80 is open on the router and not on my
    PC, and that all outside requests sent to this port would "die" in the
    router; is this assumption correct, or is this open port an issue ?

    Another question: I set up Linux (Ubiuntu) as a second boot option. I
    know very little about it and don't yet know how to set up a firewall.
    Does the router itself provide enough protection ? Is there a firewall
    for Linux that is user friendly enough (i.e. has a GUI interface and
    doesn't require advance programming skills to setup) ?

    Thanks !
    Amamba, Sep 27, 2005
    #1
    1. Advertising

  2. "Amamba" <> wrote in message
    news:...
    > I'll still ask it, though, as I found lots of conflicting answers.
    >
    > I used to be running a Win XP behind Sygate f/w on cable modem.
    >
    > Open port scans were showing all ports as stealthed.
    >
    > I have recently bought a US Robotics 5461 router. I did not select the
    > option to have it configured through Web connection.
    >
    > Now, port 80 shows as open. (I am using Sygate's SOS site).


    This is a web site, right? One that you're connected to on port 80, right?
    (Hint, hint ;o)

    That said, it's still worth checking that the admin port isn't open to the
    outside world. I very much doubt that it is (after hearing incessant rumours
    about this being the case, I've yet to see a single example. And I've dealt
    with a lot of routers, over the years...)

    > Another question: I set up Linux (Ubiuntu) as a second boot option. I
    > know very little about it and don't yet know how to set up a firewall.
    > Does the router itself provide enough protection ? Is there a firewall
    > for Linux that is user friendly enough (i.e. has a GUI interface and
    > doesn't require advance programming skills to setup) ?


    There is, but I'll let someone with better experience of that distro
    contribute.

    Personally, I'm happy with a hardware-based setup (like yours, both my
    routers have Stateful Packet Inspection: i.e. a built-in firewall). Your
    situation may be very different (I don't tend to visit too many "dodgy" web
    sites, for one thing, or run P2P).

    In your case, I'd be more concerned with locking-down the wireless part of
    the router.

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Sep 27, 2005
    #2
    1. Advertising

  3. From: "Amamba" <>

    | I'll still ask it, though, as I found lots of conflicting answers.
    |
    | I used to be running a Win XP behind Sygate f/w on cable modem.
    |
    | Open port scans were showing all ports as stealthed.
    |
    | I have recently bought a US Robotics 5461 router. I did not select the
    | option to have it configured through Web connection.
    |
    | Now, port 80 shows as open. (I am using Sygate's SOS site).
    |
    | It is my understanding that port 80 is open on the router and not on my
    | PC, and that all outside requests sent to this port would "die" in the
    | router; is this assumption correct, or is this open port an issue ?
    |
    | Another question: I set up Linux (Ubiuntu) as a second boot option. I
    | know very little about it and don't yet know how to set up a firewall.
    | Does the router itself provide enough protection ? Is there a firewall
    | for Linux that is user friendly enough (i.e. has a GUI interface and
    | doesn't require advance programming skills to setup) ?
    |
    | Thanks !

    Disable all WAN administrative access on the Router. You should NOT be able to administrate
    the Router or upgrade the FirmWare of the Router from the WAN side. It should only be done
    from the LAN side.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Sep 27, 2005
    #3
  4. Amamba

    Amamba Guest

    Thanks for all replies.

    >>This is a web site, right? One that you're connected to on port 80, right?
    >>(Hint, hint ;o)


    When I had my computer connected to the LAN directly w/o router, port
    80 would show up as closed, with Sygate running. Wouldn't it be the
    same situation ?

    As for WAN administration, it indeed is disabled.
    Amamba, Sep 27, 2005
    #4
  5. From: "Amamba" <>

    | Thanks for all replies.
    |
    >>> This is a web site, right? One that you're connected to on port 80, right?
    >>> (Hint, hint ;o)

    |
    | When I had my computer connected to the LAN directly w/o router, port
    | 80 would show up as closed, with Sygate running. Wouldn't it be the
    | same situation ?
    |
    | As for WAN administration, it indeed is disabled.

    If you run a Port Scan from the POV of the Internet, the port scanner is looking at the
    Router, not any PC on the LAN side of the Router. Therefore if TCP Port 80 is open then the
    Router has it open.

    Are you sure that all administrative services of said Router are disabled for the WAN ?

    Are you port forwarding TCP Port 80 to a node on the LAN ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Sep 27, 2005
    #5
  6. Amamba

    Moe Trin Guest

    In the Usenet newsgroup alt.computer.security, in article
    <>, Amamba wrote:

    >Open port scans were showing all ports as stealthed.


    Useless - play with 'traceroute' and see why.

    >I have recently bought a US Robotics 5461 router. I did not select the
    >option to have it configured through Web connection.
    >
    >Now, port 80 shows as open. (I am using Sygate's SOS site).


    So, point your browser to the external address - and what do you see?

    >It is my understanding that port 80 is open on the router and not on my
    >PC, and that all outside requests sent to this port would "die" in the
    >router; is this assumption correct, or is this open port an issue ?


    If it's open, then _something_ is listening. What? Even if it's some
    crappy "under construction" web page (it could also be the router
    configuration too, which is why you should try to look at it), it's
    probably not the greatest idea to have it open.

    >Another question: I set up Linux (Ubiuntu) as a second boot option. I
    >know very little about it and don't yet know how to set up a firewall.
    >Does the router itself provide enough protection ?


    If "nothing" is open on the router, and no server function is being forwarded,
    you are probably OK. On the Ubuntu box, find a command line and type

    netstat -tupan

    to find out what is open there. There should not be much - possibly 113
    (auth) used by IRC clients, and may be needed by other services like mail.
    You _may_ see port 6000 open, which is the X server (your GUI).
    You may also have installed a program called 'nmap' which is

    [compton ~]$ whatis nmap
    nmap (1) - Network exploration tool and security scanner
    [compton ~]$

    >Is there a firewall for Linux that is user friendly enough (i.e. has a
    >GUI interface and doesn't require advance programming skills to setup) ?


    Web Results 1 - 10 of about 6,640,000 for Linux firewall configuration
    tool. (0.29 seconds)

    Web Results 1 - 10 of about 235,000 for Ubuntu Linux firewall
    configuration tool. (0.26 seconds)

    The firewall is built into the kernel. What you are looking for is some
    crappy tool to configure it, and there are literally hundreds of them.
    Even the base '/sbin/iptables' doesn't require programming skills, though
    common sense would be helpful. Did you look at the HOWTOs? If you installed
    them, there are over 470 documents including such things as

    -rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
    -rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO

    You posted from google.groups, though your address shows comcast. Both carry
    many Linux newsgroups, include such gems as

    comp.os.linux.misc Linux-specific topics not covered by other groups.
    comp.os.linux.networking Networking and communications under Linux.
    comp.os.linux.security Security and the GNU/Linux Operating System.
    comp.os.linux.setup Linux installation and system administration.

    So far, I haven't seen a Ubuntu specific newsgroup, but it's a clone of
    Debian, and your comcast server should have 175 newsgroups with the word
    'debian' in the title (and 1100+ that have the word 'linux' in the title).

    Old guy
    Moe Trin, Sep 27, 2005
    #7
  7. Amamba

    Imhotep Guest

    Amamba wrote:

    > I'll still ask it, though, as I found lots of conflicting answers.
    >
    > I used to be running a Win XP behind Sygate f/w on cable modem.
    >
    > Open port scans were showing all ports as stealthed.
    >
    > I have recently bought a US Robotics 5461 router. I did not select the
    > option to have it configured through Web connection.
    >
    > Now, port 80 shows as open. (I am using Sygate's SOS site).
    >
    > It is my understanding that port 80 is open on the router and not on my
    > PC, and that all outside requests sent to this port would "die" in the
    > router; is this assumption correct, or is this open port an issue ?


    Check that your router does not allow configuration from the Internet...

    > Another question: I set up Linux (Ubiuntu) as a second boot option. I
    > know very little about it and don't yet know how to set up a firewall.
    > Does the router itself provide enough protection ? Is there a firewall
    > for Linux that is user friendly enough (i.e. has a GUI interface and
    > doesn't require advance programming skills to setup) ?
    >
    > Thanks !
    Imhotep, Sep 28, 2005
    #8
  8. Amamba

    John Hyde Guest

    on 9/27/2005 1:01 PM Moe Trin said the following:
    > In the Usenet newsgroup alt.computer.security, in article
    > <>, Amamba wrote:
    >
    >
    >>Open port scans were showing all ports as stealthed.

    >
    >
    > Useless - play with 'traceroute' and see why.
    >
    >
    >>I have recently bought a US Robotics 5461 router. I did not select the
    >>option to have it configured through Web connection.
    >>
    >>Now, port 80 shows as open. (I am using Sygate's SOS site).

    >
    >
    > So, point your browser to the external address - and what do you see?
    >
    >
    >>It is my understanding that port 80 is open on the router and not on my
    >>PC, and that all outside requests sent to this port would "die" in the
    >>router; is this assumption correct, or is this open port an issue ?

    >
    >
    > If it's open, then _something_ is listening. What? Even if it's some
    > crappy "under construction" web page (it could also be the router
    > configuration too, which is why you should try to look at it), it's
    > probably not the greatest idea to have it open.
    >
    >
    >>Another question: I set up Linux (Ubiuntu) as a second boot option. I
    >>know very little about it and don't yet know how to set up a firewall.
    >>Does the router itself provide enough protection ?

    >
    >
    > If "nothing" is open on the router, and no server function is being forwarded,
    > you are probably OK. On the Ubuntu box, find a command line and type
    >
    > netstat -tupan
    >
    > to find out what is open there. There should not be much - possibly 113
    > (auth) used by IRC clients, and may be needed by other services like mail.
    > You _may_ see port 6000 open, which is the X server (your GUI).
    > You may also have installed a program called 'nmap' which is
    >
    > [compton ~]$ whatis nmap
    > nmap (1) - Network exploration tool and security scanner
    > [compton ~]$
    >
    >
    >>Is there a firewall for Linux that is user friendly enough (i.e. has a
    >>GUI interface and doesn't require advance programming skills to setup) ?

    >
    >
    > Web Results 1 - 10 of about 6,640,000 for Linux firewall configuration
    > tool. (0.29 seconds)
    >
    > Web Results 1 - 10 of about 235,000 for Ubuntu Linux firewall
    > configuration tool. (0.26 seconds)
    >
    > The firewall is built into the kernel. What you are looking for is some
    > crappy tool to configure it, and there are literally hundreds of them.
    > Even the base '/sbin/iptables' doesn't require programming skills, though
    > common sense would be helpful. Did you look at the HOWTOs? If you installed
    > them, there are over 470 documents including such things as
    >
    > -rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
    > -rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO
    >


    Great resource. But the problem is that the HOWTOs are not that easy to
    read. In fact my last attempt to configure a linux box "failed" because
    the HOWTOs were too dense for me. I'm a pretty smart guy, but I have
    limited expertise in computers. Just lots of interest.

    (I'm getting ready to try to dual boot my laptop soon. Always hopeful,
    maybe I'll be able to do better this time . . . Time, ah yes, that's the
    issue . . ..)

    JH
    John Hyde, Sep 28, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tzar
    Replies:
    4
    Views:
    456
    Ron Williams
    Aug 6, 2003
  2. Don
    Replies:
    4
    Views:
    415
    Marc Popek
    Jan 7, 2006
  3. Amamba

    The question probably asked a 100 times before..

    Amamba, Jan 9, 2006, in forum: Digital Photography
    Replies:
    2
    Views:
    282
    Stewy
    Jan 10, 2006
  4. Knowledge
    Replies:
    9
    Views:
    450
    Gaius Baltar
    Nov 25, 2006
  5. =?Utf-8?B?S2Vubnk=?=

    I know this has been asked before...hard drive size

    =?Utf-8?B?S2Vubnk=?=, Jan 15, 2006, in forum: Windows 64bit
    Replies:
    2
    Views:
    345
    Charlie Russel - MVP
    Jan 15, 2006
Loading...

Share This Page