On 9/16/07, NoOp <<a href="mailto:glgxg@sbcglobal.net">glgxg@sbcglobal.net</a>> wrote:<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> On 09/16/2007 02:06 PM, Jimmy Wu wrote: >> > Also, how do I find out what ports are open? >> > I tried a netstat -l and got a lot of output (which I've attached to the >> > end) >> > >> >> sudo apt-get install nmap >> >> sudo nmap -sV localhost >> >> With samba running these ports will be open: >> >> 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: >> nameofyourworkgroup) >> 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: >> nameofyourworkgroup) >> >> You can replace localhost with an IP or domain name. >> >> >> Much thanks. The obvious next question is how to control which ports are > listening or closed. Also, I've heard of port stealthing on certain > firewall software -- does anyone know what that is? > Sudo apt-get install firestarter Firestarter is a gui frontend for iptables with many added features, see: <a href="http://www.fs-security.com/">http://www.fs-security.com/</a> <a href="http://www.fs-security.com/docs.php"> http://www.fs-security.com/docs.php</a> You can also modify your iptables w/scripts & from the command line (google). However, Ubuntu comes with nearly all ports closed. So any ports opened afterwards are from your installation of the programs that use them. To close the ports either remove the programs that opened them, or read the program documentation to see how to close or change the ports it uses. I'd also very much advise purchasing a router with a built-in firewall. That, in combination with Firestarter should keep you pretty secure. -- ubuntu-users mailing list <a href="mailto:ubuntu-users@lists.ubuntu.com">ubuntu-users@lists.ubuntu.com</a> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-users">https://lists.ubuntu.com/mailman/listinfo/ubuntu-users</a> </blockquote></div> Thanks again for the responses. I actually don't want to install firestarter, at least not until I have more time to play around (I've been and will be extremely busy for a while). The last time I installed firestarter, it borked my connection to my Windows network. There was a thread (actually multiple threads) on ubuntuforums relating to this, but none of them worked for me and I somehow screwed up DNS/name resolution while trying to fix that, and eventually I just reinstalled the system, as I couldn't afford to spend any more time trying to get it to work. Realizing that firestarter is just a gui frontend to iptables, this time around I want to just use iptables directly, so I can immediately undo any rule that messes up my connection.