What is wrong with firestarter?
ghe
ghe at slsware.com
Wed Aug 27 14:09:57 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Knapp wrote:
| I just rescanned my computer with the shield site and it found 2 open
| ports 22 and 80. I know that 22 only works with keys
This ain't necessarily so. SSH can be set to accept passwords. In that
case the only keys involved are the ones identifying the computers. A
remote login would be tightly encrypted, but that connection could be
established as easily as with telnet.
| so it should be
| safe but what about Apache?
Apache's a pretty well done piece of software, so it's reasonably safe
to run. But if you aren't serving stuff with it, there's no reason for
it to even be running.
| Then there is the bit about ping. Is there
| anyreason I should NOT turn it off?
Yes, there is. It is a real PITA to newbie net admins, such as myself,
to try to deal with 'puters that won't ping -- lots of wasted time
checking cables, etc.
I just ran all the Shields Up tests on my own site. It's pretty
Winders-centric, and maybe a cracker can do something nasty to W through
ping, but AFAIK, it's completely harmless on Linux.
A working ping *does* reveal that you exist, and there are an awful lot
of ports that Shields Up doesn't probe, so there might be something
running on one (like an X server on 6000, or a virus backdoor). An nmap
scan of all 65535 possible ports would find them.
Also, if you do decide to disable ping (ICMP echo request), be careful
not to disable too much ICMP -- some of it is necessary to grease the
TCP/IP wheels...
FWIW, Shields Up said every port it checked was 'Stealth'. That's what
I've tried to do, but this was my first external confirmation that it
actually works :-)) Thanks, Brian, for posting the link.
I don't care what they say, though. If one of my computers doesn't
respond to a ping, something between here and there is broken...
- --
Glenn English
ghe at slsware.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAki1YDUACgkQ04yQfZbbTLZIOwCffKIqoT7FrkPaVxrpOVeEPkgJ
eVEAoKedH9g6MIaZ/uS/v5oBUFrQWXvX
=1wj+
-----END PGP SIGNATURE-----
More information about the ubuntu-users
mailing list