[ubuntu-uk] Checking to make sure you are safe...port checking etc.
Alan Lord (News)
alanslists at gmail.com
Fri Apr 23 13:12:05 BST 2010
On 23/04/10 12:44, John Matthews wrote:
> @Alan Lord......that is very clever I'm impressed....also very
> patronising....and you wonder why it is I react the way I do on here and
> IRC ubuntu-uk. I want to say more. If I understood how it worked, I
> wouldn't have needed to ask. The way I see it, you didn't have to talk,
> just do what Alan Pope did, just give some urls, that didn't hurt. Or
> better still, say nothing. Because it didn't help, apart from wind me
> up even more.
Sorry. No offence intended. LMGTFY is used frequently and I don't take
offence when it is offered to me.
> If it means anything, I did a google search, prior to e-mailing, and
> couldn't work out if they were talking about Linux or Windows, or what
> they would work on. In that search it didn't seem to mention Linux at
> all, so I don't know if it will work on Linux or not, hence the question.
Initially, what should be of interest is actually what ports are open to
the outside world via your router. It doesn't really matter if the
machines are Windows or not to start with.
Find out what ports are accessible from the Internet and then work out
if they need to be open or not on the router.
Unless you are hosting a web site, ssh access or a mail server there
aren't many other reasons why your router should expose any open ports
at all.
Most DSL routers perform a function called NAT (Network Address
Translation) so that the single IP address that is on the "Internet"
side can be mapped to multiple individual IP addresses on the private
side. As a direct consequence of this, you have to explicitly configure
port forwarding from the Internet to a specific machine on your network
for a specific port, or as has been discussed before, a DMZ
(De-Militarised Zone) to which all unknown incoming traffic is directed.
Once you have the router set up correctly, you can then use tools like
nmap from your Ubuntu PC to show you what ports are open on *every*
machine on your local network. You can then decide if they need to be
open or not on a case-by-case basis.
> @Alan Lord....In that search you just performed for me, it mentions
> nothing about Linux, so how do I know if it will work.
See above. These web based sites will tell you what ports are open to
the Internet. For example using any of those tools on my IP address (the
one I have on the Internet side of my router) would show you I only have
3 ports open: 22 (ssh), 80 (web) and 8080 (another web service). On my
router each of those ports is forwarded to specific machines and ports
on my network.
I also have a couple of ports configured on the router's firewall to
only allow traffic from a known destination IP and Port to connect to a
specific host/port on my LAN. A port scanner will not pick these up of
course.
HTH
Al
--
The Open Learning Centre
http://www.theopenlearningcentre.com
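
An added example, not part of the original message: one way to do the case-by-case review of a LAN scan described above is to compare nmap's grepable output (`-oG`) against a list of ports you expect to be open. The allowlist reuses the three ports named in the message; the hosts, addresses and scan lines are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag open ports that are not on an expected list.

# Constructed sample in nmap's grepable (-oG) format. On a real LAN the
# input would come from something like:  nmap -oG - 192.168.1.0/24
sample_scan() {
    printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 631/closed/tcp//ipp///\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 8080/open/tcp//http-proxy///, 445/open/tcp//microsoft-ds///, 139/open/tcp//netbios-ssn///\n'
    printf 'Host: 192.168.1.30 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n'
}

# unexpected_ports "<space-separated allowed ports>"  < grepable-output
# Prints "host port/proto service" for each open port not on the allowlist.
unexpected_ports() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /Ports: / {
        host = $2                        # second whitespace-separated field
        line = $0
        sub(/^.*Ports: /, "", line)      # drop everything before the port list
        sub(/\t.*$/, "", line)           # drop trailing tab-separated fields
        m = split(line, entries, ", ")
        for (i = 1; i <= m; i++) {
            split(entries[i], f, "/")    # port/state/proto/owner/service/...
            if (f[2] == "open" && !(f[1] in ok))
                print host, f[1] "/" f[3], f[5]
        }
    }'
}

# Review the constructed scan against the three expected ports.
sample_scan | unexpected_ports "22 80 8080"
```

A scan run from inside the LAN shows what each machine is listening on, not what the router forwards, so the Internet-side check described in the message is still needed.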