
Re: is it rational to close the 139 port



On Sun, Jul 22, 2012 at 11:53 PM, Brian <ad44@cityscape.co.uk> wrote:
> On Sun 22 Jul 2012 at 22:01:50 +0800, lina wrote:
>
>> On Sun, Jul 22, 2012 at 7:32 PM, Brian <ad44@cityscape.co.uk> wrote:
>> >
>> > Heaven above knows why you need a firewall. These services are quite
>> > capable of getting on with life without iptables being involved. So are
>> > you.
>>
>> Just today one website I cared about failed to open, certainly it's
>> under attack.
>> I don't know what other people are capable of, I feel they are capable
>> of doing lots of things.
>> Frankly speaking I don't have much energy/channel to arm myself some
>> intense knowledge to meet some potential defense requirement
>> (sometimes I read something, but mainly to forget later.).
>> so the only way I can do now is to understand something very
>> basic, gradually and patiently, perhaps 10 years later,
>> and I don't have some strong security feelings, if something wrong
>> with the laptop, I guess I will unavoidably freak out and at that time
>> definitely some days will waste.
>
> Let's take a look at what you are doing. I'll simplify it a bit but
> hopefully not too much as to distort your intentions.
>
> 1. You have two tcp services which you offer on the network, ssh and a
>    webserver. Other services are available to localhost only. So the
>    only way the outside can communicate with your machine is through
>    ports 22 and 80.
>
> 2. You use iptables to reject all connections. This effectively means
>    the services on ports 22 and 80 become unavailable, which does not
>    suit you.
>
> 3. You now poke two holes in the firewall to reverse what you did in 2.
>
> Now you can consider what you have achieved. Sticking at 1. gives you
> what you have at 3. In what way have you improved security on the machine?

so now is okay?! (if I catch correctly, this firewall actually is
making no big differences here?)

Thanks,
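The comparison in points 1 to 3 of the quoted message can be checked against a machine's own listener table. The following is an added example, not part of the original messages: it parses output in the format of `ss -H -tln` and models the firewall only as "reject everything except a set of allowed inbound TCP ports". The sample lines, the function names and the extra listener on port 139 are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format of `ss -H -tln` (not taken from the thread):
# ssh and a web server on all interfaces, two services on localhost only.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
"""
# Same host with a hypothetical extra listener on port 139 on all interfaces.
SAMPLE_WITH_139 = SAMPLE_SS + "LISTEN 0 50 0.0.0.0:139 0.0.0.0:*\n"


def reachable_ports(ss_output):
    """Return TCP ports that have a listener bound to a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr not in ("*", "") and ipaddress.ip_address(addr).is_loopback:
            continue  # localhost-only service, never reachable from outside
        ports.add(int(port))
    return ports


def firewall_effect(ss_output, allowed_ports):
    """Compare exposure with no firewall to exposure behind the allow-list."""
    listening = reachable_ports(ss_output)
    allowed = set(allowed_ports)
    return {
        "reachable_without_firewall": sorted(listening),
        "reachable_with_firewall": sorted(listening & allowed),
        "blocked_by_firewall": sorted(listening - allowed),
    }


if __name__ == "__main__":
    print(firewall_effect(SAMPLE_SS, {22, 80}))        # nothing blocked
    print(firewall_effect(SAMPLE_WITH_139, {22, 80}))  # 139 blocked
```

An empty `blocked_by_firewall` list is the situation the quoted message describes; a non-empty one means the rules are hiding a listener that is otherwise bound to an external address.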

