[ubuntu-uk] Checking to make sure you are safe...port checking etc.

John Matthews jakewc2 at sky.com
Fri Apr 23 16:38:32 BST 2010 

On 23/04/10 13:12, Alan Lord (News) wrote:
> On 23/04/10 12:44, John Matthews wrote:
>    
>> @Alan Lord......that is very clever I'm impressed....also very
>> patronising....and you wonder why it is I react the way I do on here and
>> IRC ubuntu-uk. I want to say more. If I understood how it worked, I
>> wouldnt have needed to ask. The way I see it, you didnt have to talk,
>> just do what Alan Pope did, just give some urls, that didnt hurt. Or
>> better still, say nothing. Because it didnt help, apart from the wind me
>> up even more.
>>      
> Sorry. No offence intended. LMGTFY is used frequently and I don't take
> offence when it is offered to me.
>
>    
>> If it means anything, I did a google search, prior to e-mailing, and
>> couldnt work out if they were talking about Linux or Windows, or what
>> they would work on. In that search it didnt seem to mention Linux at
>> all, so I dont know if it will work on Linux or not, hence the question.
>>      
> Initially, what should be of interest is actually what ports are open to
> the outside world via your router. It doesn't really matter if the
> machines are Windows or not to start with.
>
> Find out what ports are accessible from the Internet and then work out
> if they need to be open or not on the router.
>
> Unless you are hosting a web site, ssh access or a mail server there
> aren't many other reasons why your router should expose any open ports
> at all.
>
> Most DSL routers perform a function called NAT (Network Address
> Translation) so that the single IP address that is on the "Internet"
> side can be mapped to multiple individual IP addresses on the private
> side. As a direct consequence of this, you have to explicitly configure
> port forwarding from the Internet to a specific machine on your network
> for a specific port, or as has been discussed before, a DMZ
> (De-Militarised Zone) to which all unknown incoming traffic is directed.
>
> Once you have the router setup correctly, you can then use tools like
> nmap from your Ubuntu pc to show you what ports are open on *every*
> machine on your local network. You can then decide if they need to be
> open or not on a case-by-case basis.
>
>    
>> @Alan Lord....In that search you just performed for me, it mentions
>> nothing about Linux, so how do I know if it will work.
>>      
> See above. These web based sites will tell you what ports are open to
> the Internet. For example using any of those tools on my IP address (the
> one I have on the Internet Side of my router) would show you I only have
> 3 ports open: 22 (ssh) 80 (web) and 8080 (Another web service). On my
> router each of those ports are forwarded to specific machines and ports
> on my network.
>
> I also have a couple of ports configured on the router's firewall to
> only allow traffic from a known destination IP and Port to connect to a
> specific host/port on my LAN. A port scanner will not pick these up of
> course.
>
> HTH
>
> Al
>
>
>    

Hi Alan,

thanks for your reply, that helped a lot.

I am still wondering about the Ping problem that I mentioned earlier. In 
that test, I passed everything, was telling me that I am not visible, 
but still fail because they can ping my pc.

How are you affected with being pinged, and is it worth blocking pinging.

John

-- 
Ubuntu User #30817

More information about the ubuntu-uk mailing list