[Techtalk] How to block ports
Carla Schroder
carla at bratgrrl.com
Fri May 16 21:15:19 UTC 2008
On Friday 16 May 2008 12:59:58 pm Vonda wrote:
> Hello, everyone,
>
>
> Can someone tell me how to block port in Linux? My system is Debian
> Sarge.
>
>
> It looks like a couple of sites have breached my Firestarter firewall.
> They're using ports 33961, 33943 and 33971. Netstat shows them connect
> to port 80 on their sites.
>
>
> Thank you.
>
Hi Vonda,

A port is open only when you have a listening service running. For example, if
you're running the SSH daemon so you can log in remotely to your system then
port 22 is open. SSHD listening on all interfaces and accepting connections
from any address looks like this in netstat:

    tcp6 0 0 :::22 :::* LISTEN

A Web server looks like this:

    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

Both examples show that there are no active connections, they're just
listening.

I'm wondering if you aren't seeing your ordinary web surfing? Because your
local client will use random high-numbered ports to connect to an outside Web
site. Here is a netstat sample from my own Web surfing:

    tcp 0 0 192.168.1.10:36474 62.149.140.42:80 ESTABLISHED 8242/firefox-bin
    tcp 0 0 192.168.1.10:59477 72.14.253.104:80 ESTABLISHED 8242/firefox-bin
    tcp 0 0 192.168.1.10:57578 209.85.139.166:80 ESTABLISHED 8242/firefox-bin

If you have no services running, then you have no open ports.

cheers,
Carla
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
check out the shiny new Linux Networking Cookbook!
Chock full o' step-by-step howtos for network admins!
http://www.oreilly.com/catalog/9780596102487/
many more Linux howtos at
http://tuxcomputing.com/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
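
The distinction drawn in the reply above (listening sockets are open ports; a high local port connected to a remote port 80 is a local client's outgoing connection) can be checked mechanically. This is an added example, not part of the original message: the function names are hypothetical, and the sample lines are constructed in netstat's column layout, with 203.0.113.5, 192.168.1.20 and the sshd PIDs made up.

```python
# Constructed sample in `netstat -tnp`/`-tlnp` column layout, modelled on the
# output quoted above. 203.0.113.5, 192.168.1.20 and the sshd PIDs are made up.
SAMPLE = """\
tcp6 0 0 :::22 :::* LISTEN 2101/sshd
tcp 0 0 192.168.1.10:36474 62.149.140.42:80 ESTABLISHED 8242/firefox-bin
tcp 0 0 192.168.1.10:33961 203.0.113.5:80 ESTABLISHED 8242/firefox-bin
tcp 0 0 192.168.1.10:22 192.168.1.20:51514 ESTABLISHED 2230/sshd
"""


def port_of(addr):
    """Return the port part of 'host:port'; works for ':::22' and '0.0.0.0:80'."""
    return addr.rpartition(":")[2]


def parse(text):
    """Turn netstat TCP lines into dicts, skipping headers and short lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue
        rows.append({"local_port": port_of(f[3]), "remote": f[4], "state": f[5],
                     "program": f[6] if len(f) > 6 else "-"})
    return rows


def classify(text):
    """Separate open (listening) ports from inbound and outbound connections."""
    rows = parse(text)
    listening = {r["local_port"] for r in rows if r["state"] == "LISTEN"}
    report = {"open_ports": sorted(listening, key=int), "inbound": [], "outbound": []}
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        # A connection on a port we listen on was accepted by a local service;
        # any other local port was picked by a local client for an outgoing call.
        kind = "inbound" if r["local_port"] in listening else "outbound"
        report[kind].append((r["local_port"], r["remote"], r["program"]))
    return report


if __name__ == "__main__":
    for key, value in classify(SAMPLE).items():
        print(key, value)
```

Only the entries under `open_ports` and `inbound` are reachable from outside; the `outbound` entries name the local program that opened each connection.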