Re: Understanding iptables FC4
From: Ohmster (notareal_at_emailaddress.com)
Date: 07/23/05
Date: Sat, 23 Jul 2005 00:53:56 GMT
Joseph <alkookh@yahoo.com> wrote in news:Q6eEe.166764$on1.161346@clgrps13:
> I found that I had the security Level under network setup to be turned
> on for ftp, telnet and http. I have turned that firewall off. I went
> back and ran the link to check if the ports were opened on the site that
> you recommended and it came back with a stealth setting on ftp and
> telnet. Also close setting on http.
>
> Hope there is a remedy, I will be calling my ISP later today to find out
> about the ports.
>
> Thanks
>
> Joseph
Hmmm. Turned off the security for servers. Good. I want to know *exactly*
what you get for the following ports at grc.com:
20 - FTP default data channel
21 - FTP default control channel
22 - SSH Remote Login Protocol port
23 - Telnet default port
80 - HTTP World Wide Web default port
Stealth - The port is unreachable.
Closed - The port is there and can be accessed. The "closed" status means
that there is nothing setup there to actually "answer" packets on that
port. Run the server and it will be open.
Open - The port is reachable, accessible, and there is an active server
present to answer packets sent to that port.
I don't much care about port 23, that is telnet. You mentioned that you
want telnet but no one in this newsgroup will recommend or condone that
you use it. Use ssh on port 22 instead and have port 22 stealthed. Telnet
is bad news, you can download a terrific, free, ssh client to use instead
of telnet here called "Putty".
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Open up port 22 for ssh and stealth port 23 for telnet. Then install (if
it is not installed already) openssh. Check and see if it is installed
with the rpm command like so...
[ohmster@ohmster ~]$ rpm -q openssh
openssh-3.9p1-8.0.2
[ohmster@ohmster ~]$
As you can see, I have it installed. Once it is installed, you can then
use putty to connect to your machine using ssh1 protocol. Putty is really
nice, you will see little or no difference to using ssh than if you were
using telnet. ssh is secure and no one can snoop in on your session or
run a packet sniffer on your machine to capture your login information to
ssh like they could easily do with telnet. Don't kid yourself in that
nobody is going to do that to you. The script kiddies run sniffers all
day long on entire ranges of IP addresses and you can be sure that you
will be in the mix. Happens every day, all day long.
This is what my grc port scan looks like:
http://www.ohmster.com/~ohmster/screencaps/snap072.gif
You can see that I have port 20 as "open", ready to accept incoming ftp
connections. Port 21 is closed but will open when an ftp connection is
established. Port 22 is closed but will open when an incoming ssh
connection comes in. Port 80 is open and ready to serve up web
connections. If you are looking at the picture, then that is my server,
serving up the image on port 80. The other open/closed ports are not
necessary for this discussion. All of the light green ports are stealthed
and not used.
Give me good and accurate information on your ports as requested at the
top of this message, Joe. Don't call your ISP yet, no sense in tipping
them off to what you are doing if it is not necessary. Let's get to the
bottom of this port thing first.
If you want something to do in the meantime, check if openssh is
installed, if not, then install it with yum.
yum install openssh
As root and let it install. Once it is installed and you can verify it,
then try it out from the same fedora machine at a command line like this:
ssh localhost
Then accept the key, and login with your password. See how it works.
Close the connection by typing in exit. Get ssh working so that it can be
used instead of telnet. Once we get the right ports open, you can connect
to your machine with putty that you will download and install on your
Windows machine and get the ftp and web servers running.
Gotta go now, the wife is already in the bed screaming for me to get in
there to watch "Ocean's Twelve" on DVD. Will check back with you later.
-- ~Ohmster "Read Ohmster" in subject, bypass spam filter. ohmster /a/t/ newsguy dot com
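The stealth / closed / open states defined in the post can be checked from a machine you control by attempting a TCP connection to each of the five listed ports. This is an added example, not part of Ohmster's message; the function names, the 2-second timeout and the mapping of "no reply" to stealth are assumptions of the example.

```python
import socket

# Ports the post asks about.
PORTS = {20: "FTP data", 21: "FTP control", 22: "SSH", 23: "Telnet", 80: "HTTP"}


def classify(exc):
    """Map the outcome of a connect() attempt to the post's three states."""
    if exc is None:
        return "open"       # handshake completed: a server answered
    if isinstance(exc, ConnectionRefusedError):
        return "closed"     # host replied, but nothing is listening
    if isinstance(exc, socket.timeout):
        return "stealth"    # no reply at all: packet was silently dropped
    raise exc               # anything else is a local or routing problem


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and return 'open', 'closed' or 'stealth'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:
            return classify(exc)
        return classify(None)


def report(host, timeout=2.0):
    """Return {port: state} for the ports listed in the post."""
    return {port: probe(host, port, timeout) for port in PORTS}


if __name__ == "__main__":
    # 127.0.0.1 shows what is listening locally; run it from another host
    # on your own network to see what the firewall lets through.
    for port, state in report("127.0.0.1").items():
        print(f"{port:>3}  {PORTS[port]:<12} {state}")
```

Run against 127.0.0.1, this usually bypasses the firewall rules because loopback traffic is normally accepted, so it tells you which servers are running rather than what an outside scan would see.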