There is no guarantee that your questions here will ever be answered. Readers at confidential sites must provide permission to publish. However, you can be published anonymously - just let us know!
Answered By Mike Orr
Hello, I'm new to the 'puter world and I have been hearing a lot about "closing ports." What exactly does this mean? And how would I go about checking for open ports and closing them? Again, like I said, I am new to all of this. So if you can help me, please explain it in the simplest way you can. Thank you for your time and help.
[Mike] A port is simply a positive integer the kernel uses to map a network packet to the currently-running process (=application instance) it came from or is going to. (This kind of port has nothing to do with the physical ports on the back of your computer--serial, parallel, USB.) It is not the Process ID (PID), because each process has only one PID but it may have several network connections open simultaneously.
Your kernel has ports numbered from 1 to somewhere above 60000. Each port is either open (currently in use) or closed (not in use). Most ports are used as endpoints for current connections (every connection has one local port on your computer and one remote port on the other computer), but the ports you're interested in are the ones open in "listening" mode. Listening means that there's no particular "other end" of the connection--the server is waiting for a client to come along and use it.
Think of prostitutes waiting on a street corner. The only difference is that when a client does come up, the hooker (or rent boy) clones herself (himself), and the clone walks off with the customer, while the original continues waiting for the next customer.
Of course, programs have bugs, and a smart cr@cKeR knows which versions of which programs have exploitable vulnerabilities. So he'll go scouring around the net looking for computers running vulnerable services. Say you're running a version of Sendmail that has a certain security weakness. The cracker finds it, and you're dead. But say you don't need Sendmail running on that particular computer, so you turn it off. The cracker comes along, gets a "Connection refused" error, and curses the darkness. The port is closed, meaning there's no application running to receive his request, so the kernel can do nothing but say, "Sorry, nobody's home." Frustrated, the cracker goes and bothers somebody else's computer instead.
Another trick some crackers do is to portscan the computer. This means he'll try to connect to every possible port. Most will be rejected, but at least he'll know which ones are listening. Then he can concentrate his attack on those ports. Usually, he doesn't care about those applications in themselves; he just wants to force the program into an error condition such as a buffer overrun in such a way that it fools the computer into giving him a root shell. Then he can try to crack the US National Security Agency, and the guys in black suits will come knocking at your door thinking it was you.
Closing ports is something you can do yourself: simply turn off all services you don't have to have running on that machine. To combat portscanning, you can use various software tools which log the attempt and/or raise an alert. Some of these programs are described in the Linux Gazette articles below. The articles also include other security tips for keeping the bad guys out of your servers.
The last three articles are listed in chronological order and perhaps give the best background.
You can also poke around http://www.securityportal.com for similar security tips.
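As an added illustration of "checking for open ports" on a Linux box (this script is not part of the column or of any tool it mentions), the following reads the kernel's own socket table in /proc/net/tcp, keeps only the rows in LISTEN state, and looks up which process owns each one. The sample table embedded at the bottom is constructed for the offline run; the hypothetical helper names parse_listening and owner_of are mine.

```python
"""List listening TCP sockets by parsing the kernel's /proc/net/tcp table.

Hypothetical helper, not from the Linux Gazette column. Each row of
/proc/net/tcp carries a hex "local_address:port", a state code (0A = LISTEN)
and the socket inode, which /proc/<pid>/fd symlinks let us tie to a process.
"""
import glob
import os

LISTEN = "0A"  # kernel TCP state code for a listening socket


def parse_listening(proc_net_tcp: str):
    """Return [(ip, port, inode)] for every LISTEN row of /proc/net/tcp text."""
    out = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # IPv4 address is stored as a little-endian 32-bit hex value
        raw = int(hex_ip, 16).to_bytes(4, "little")
        ip = ".".join(str(b) for b in raw)
        out.append((ip, int(hex_port, 16), int(fields[9])))
    return out


def owner_of(inode: int):
    """Map a socket inode to (pid, comm); other users' fds need root to read."""
    target = f"socket:[{inode}]"
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as f:
                    return int(pid), f.read().strip()
        except OSError:
            continue  # process exited or fd not readable by this user
    return None


# Constructed sample in the real /proc/net/tcp layout: a listener on
# 0.0.0.0:22, one bound only to 127.0.0.1:25, and one ESTABLISHED row (01).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:9C40 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        for ip, port, inode in parse_listening(f.read()):
            print(f"{ip}:{port}  inode={inode}  owner={owner_of(inode)}")
```

Anything bound to 0.0.0.0 is reachable from the network, so each such line is a service to either justify or turn off; the 127.0.0.1 listener is only reachable locally.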