Re: All these open ports

To: listcomm@ml1.net, debian-firewall@lists.debian.org
Subject: Re: All these open ports
From: Mike Mestnik <cheako911@yahoo.com>
Date: Wed, 25 Aug 2004 19:52:45 -0700 (PDT)
Message-id: <[🔎] 20040826025245.9331.qmail@web11904.mail.yahoo.com>
In-reply-to: <[🔎] 1093470058.32197.203064509@webmail.messagingengine.com>

--- listcomm@ml1.net wrote:

> 
> On Mon, 23 Aug 2004 13:05:00 +0800, "Katipo" <katipo@weavers-web.org>
> said:
> 
> > >In any case, I've as yet been unable to find any way of getting
> > >detection and authorization of outgoing requests with any
> > >of the Linux firewalls, or with IPtables - although I can hardly say
> > >that
> > >I've thoroughly done my homework
> > >
> > Even firestarter provides some degree of configurability in this
> respect.
> 
> It will block ports on an individual basis, if you can identify
> them as needing to be blocked - but AFAIK the iptables script it sets
> up,
> defaults to forwarding all requests from internal processes.  (If I'm
Like the FW communicating with the system?  This is not lightly setup,
thought a netstat could fetch(ony what's going on when it's run) this
info.
There is a system where the FW can look at the user and name of the
program, but this likely is not what your talking aobut.

> wrong about that, or if there is some way to get it even to flag
> outgoing
> access attempts by newly spawned processes, I'd like to know about
> it...)
Like iptables -A OUTGOING -m state -state NEW -j log?  Like I said you can
have the User:ID and program name printed as well, I think?  If not you
could have syslogd trip of a "netstat -p" run and have that e-maild to
you.

> 
> > Asking in the right place helps.
> > A number of people here would have the answers you're looking for, but
> 
> > Debian has a firewall list.
> 
> Yes - I asked about that earlier.  I posted to the firewall list
> earlier,
> in fact, and got no response at all.  Additionally, there is a lot of
> traffic on here other than my own, WRT firewall and iptables subjects.
> I'll cross-post this to the firewall list, but I'm really getting the
> impression it doesn't get used much...  maybe I'm wrong, but I'm signed
> up on it and don't see as much traffic on there as I do about firewall
> on the "users" list.
> 
I can assure you that where here, just recently we setup a wiki. 
http://wiki.debian.net/index.cgi?Firewalls, feel free to add your
experties with Linux and/or Debian Fierwalls there.  I would love to read
about your ideal settup.

> 
> > Itt might be an idea to check out apps like tinyhoneypot amongst
> others, 
> > also.
> 
> Thanks... I'll do that - it sounds like there's at least one area I
> haven't
> explored yet...
> 
> 
> > >(Okay, now, everybody yell in unison:  "WELL GO RUN WINDOWS THEN!!!")
> > >  
> > >
> > Failing that, go run windows.
> 
> Why, thank you.  I needed that.  (But not to worry, I'm on my way out of
> Billyworld permanently, one way or the other, difficulties
> notwithsatanding...)
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 



		
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush

Reply to:

References:
- Re: All these open ports
  - From: listcomm@ml1.net

Prev by Date: Re: How to work with my iptables script
Next by Date: pppoe and mss clamping via iptables
Previous by thread: Re: All these open ports
Next by thread: pppoe and mss clamping via iptables
Index(es):
- Date
- Thread