[Techtalk] How to block ports
Vonda
vtrucs at gmail.com
Fri May 16 21:29:07 UTC 2008
Carla Schroder wrote:
> On Friday 16 May 2008 12:59:58 pm Vonda wrote:
>
>> Hello, everyone,
>>
>>
>> Can someone tell me how to block a port in Linux? My system is Debian
>> Sarge.
>>
>>
>> It looks like a couple of sites have breached my Firestarter firewall.
>> They're using ports 33961, 33943 and 33971. Netstat shows them connecting
>> to port 80 on their sites.
>>
>>
>> Thank you.
>>
>>
>
> Hi Vonda,
>
> A port is open only when you have a listening service running. For example, if
> you're running the SSH daemon so you can log in remotely to your system then
> port 22 is open. SSHD listening on all interfaces and accepting connections
> from any address looks like this in netstat:
>
> tcp6 0 0 :::22 :::* LISTEN
>
> A Web server looks like this:
>
> tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
>
> Both examples show that there are no active connections, they're just
> listening.
>
> I'm wondering if you aren't seeing your ordinary web surfing? Because your
> local client will use random high-numbered ports to connect to an outside Web
> site. Here is a netstat sample from my own Web surfing:
>
> tcp 0 0 192.168.1.10:36474 62.149.140.42:80 ESTABLISHED 8242/firefox-bin
> tcp 0 0 192.168.1.10:59477 72.14.253.104:80 ESTABLISHED 8242/firefox-bin
> tcp 0 0 192.168.1.10:57578 209.85.139.166:80 ESTABLISHED 8242/firefox-bin
>
> If you have no services running, then you have no open ports.
>
> cheers,
> Carla
>
Hello, Carla,
Ruh-roh - now my ego hurts. That looks just like my netstat output
(not actual addresses). Good catch!
Vonda
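
Added example, not part of the original thread: a small Python script that applies the distinction explained above to netstat output, separating listening services (open ports) from outbound client connections on random high-numbered local ports. It assumes `netstat -tnp` column order; the sample lines are constructed from the ones quoted in the thread, and the sshd/apache2 PIDs and the 192.168.1.20 peer are made up for illustration.

```python
# Constructed sample (netstat -tnp column order), modelled on the thread's lines.
SAMPLE = """\
tcp6 0 0 :::22 :::* LISTEN 2101/sshd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2250/apache2
tcp 0 0 192.168.1.10:36474 62.149.140.42:80 ESTABLISHED 8242/firefox-bin
tcp 0 0 192.168.1.10:59477 72.14.253.104:80 ESTABLISHED 8242/firefox-bin
tcp 0 0 192.168.1.10:22 192.168.1.20:51514 ESTABLISHED 2300/sshd
"""


def parse(text):
    """Yield (local_port, remote, state, program) for each TCP line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # skip column headers, blank lines, non-TCP sockets
        # rpartition on the last ':' also handles IPv6 forms such as ':::22'
        local_port = f[3].rpartition(":")[2]
        program = f[6] if len(f) > 6 else "-"  # absent without -p or root
        yield local_port, f[4], f[5], program


def classify(text):
    """Label each socket as 'listening', 'inbound' or 'outbound'."""
    rows = list(parse(text))
    # Ports with a LISTEN socket are the only ones that are actually open.
    listening = {port for port, _, state, _ in rows if state == "LISTEN"}
    report = []
    for local_port, remote, state, program in rows:
        if state == "LISTEN":
            kind = "listening"
        elif local_port in listening:
            # Heuristic: a peer connected to one of our listening ports.
            kind = "inbound"
        else:
            # Local port is an ephemeral one picked by a client program.
            kind = "outbound"
        report.append((kind, local_port, remote, program))
    return report


if __name__ == "__main__":
    for kind, port, remote, program in classify(SAMPLE):
        print(f"{kind:9}  local port {port:>5}  remote {remote:22}  {program}")
```

Connections labelled outbound, such as the firefox-bin ones to remote port 80, are ordinary client traffic; only the listening and inbound rows involve a port that is open on the local machine.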