Re: All these open ports
> If a port is open, and associated with a program which isn't from a
> debian package and you don't believe you put it there yourself - its
> time to consider the possibility your machine has been compromised.
Okay... that gives me an opening to try this again.
At the risk of provoking the usual "WELL GO RUN WINDOWS THEN!!!"
knee-jerk reaction, I will mention that the Gatesware-based firewall
packages (like "Zone Alarm") will detect *outgoing* connection attempts
and query whether they are legitimate.
There has been some dicsuscion on the net w/r/t the fact that apparently
the later (per)versions of Gatesware have some "trojans" embedded in the
OS, which will connect to Billsoft to report your social security
number, sexual preference, etc. etc. - the point being that (allegedly)
commercial firewall products can't detect such attempts to "phone home".
In any case, I've as yet been unable to find any way of getting
detection and authorization of outgoing requests with any
of the Linux firewalls, or with IPtables - although I can hardly say
I've thoroughly done my homework - but I have asked here and there and
thus far no one seems to know. The "Paradigm" seems to be that if
it's something that got spawned on your machine, and is trying to
outward, it by definition must be legitimate, so it gets granted a port,
unless whatever port it is requesting is *already* explicitly blocked
by "iptables" or whatever for some reason.
(Okay, now, everybody yell in unison: "WELL GO RUN WINDOWS THEN!!!")