Re: All these open ports

listcomm_at_ml1.net
Date: 08/23/04

    To: debian-user@lists.debian.org
    Date: Sun, 22 Aug 2004 16:13:22 -0700
    
    

    > If a port is open, and associated with a program which isn't from a
    > debian package and you don't believe you put it there yourself - it's
    > time to consider the possibility your machine has been compromised.

    Okay... that gives me an opening to try this again.

    At the risk of provoking the usual "WELL GO RUN WINDOWS THEN!!!"
    knee-jerk reaction, I will mention that the Gatesware-based firewall
    packages (like "Zone Alarm") will detect *outgoing* connection attempts
    and query whether they are legitimate.

    There has been some discussion on the net w/r/t the fact that apparently
    the later (per)versions of Gatesware have some "trojans" embedded in the
    OS, which will connect to Billsoft to report your social security
    number, sexual preference, etc. etc. - the point being that (allegedly)
    the commercial firewall products can't detect such attempts to "phone
    home".

    In any case, I've as yet been unable to find any way of getting
    detection and authorization of outgoing requests with any
    of the Linux firewalls, or with IPtables - although I can hardly say
    that I've thoroughly done my homework - but I have asked here and there
    and thus far no one seems to know. The "Paradigm" seems to be that if
    it's something that got spawned on your machine, and is trying to
    connect outward, it by definition must be legitimate, so it gets granted
    a port, unless whatever port it is requesting is *already* explicitly
    blocked by "iptables" or whatever for some reason.

    (Okay, now, everybody yell in unison: "WELL GO RUN WINDOWS THEN!!!")

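One way to review outgoing connections after the fact with iptables, as an added example that is not part of the original post: it assumes a LOG rule with `--log-uid` on the OUTPUT chain (shown in a comment) and flags logged connections whose owner, protocol and destination port are not on an allowlist. The log prefix, the allowlist and the sample log lines are constructed for illustration.

```python
import re

# Assumed rule (not from the original post) that produces the log lines below:
#   iptables -A OUTPUT -m state --state NEW -j LOG --log-prefix "OUT-NEW: " --log-uid
# Constructed sample kernel log; addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 22 16:01:02 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Aug 22 16:01:03 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=48 UID=0 GID=0
Aug 22 16:02:10 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=777 DF PROTO=TCP SPT=40113 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0 UID=1000 GID=1000
Aug 22 16:02:11 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=778 DF PROTO=TCP SPT=40114 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 22 16:02:12 host sshd[812]: Accepted publickey for alice from 192.0.2.99
"""

# Hypothetical allowlist of (uid, protocol, destination port) the admin expects.
ALLOWED = {(1000, "TCP", 80), (1000, "TCP", 443), (0, "UDP", 53)}

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="OUT-NEW: "):
    """Return the connection fields of one LOG line, or None if it is not one."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "DST" not in fields or "PROTO" not in fields:
        return None
    # UID is missing when the kernel cannot tie the packet to a local socket owner.
    uid = int(fields["UID"]) if fields.get("UID", "").isdigit() else None
    dport = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
    return {"uid": uid, "proto": fields["PROTO"], "dst": fields["DST"], "dport": dport}

def unexpected_outbound(log_text, allowed):
    """List logged outbound connections that are unowned or not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn is None:
            continue
        key = (conn["uid"], conn["proto"], conn["dport"])
        if conn["uid"] is None or key not in allowed:
            findings.append(conn)
    return findings

if __name__ == "__main__":
    for conn in unexpected_outbound(SAMPLE_LOG, ALLOWED):
        print("review:", conn)
```

This reports connections for review after they are logged; it does not hold a connection pending approval.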
    
