Hello to all.
This looks like a great place to ask a question or two, so here goes.
At home here we have two windows based comps routing through a Linux box to the Internet.
I'm getting interested in IPCHAINS, as I installed it a while back to get onto the Internet, but now I would like to know a little more about it.
It's initially set up to block all packets past the forward chain, and then masquerading takes over.
This is where some questions arise for me, I assume that Masquerading will only accept incoming packets from the Internet, and pass them on to the output chain, if it knows their identity.
That is to say, it is an incoming packet that is a result of a previous request for a web page as an example.
The reason I think this is that I read that IRC, FTP etc need to send packets that do not meet this requirement, and so need special modules to be installed to allow them to work.
But I visited a site
http://grc.com, and let their scanners loose on my system.
It wasn’t too bad, but some ports were clearly open, and after some reading, I added some extra rules to the input chain to DENY access to them.
All good and well, as they all show up as stealth now, although as the site explains, these were only the most commonly scanned ports.
So to cut an already long post short, here are my two questions.
Why did some ports show up as open?? That is if what I said above is correct, but I feel I've missed something basic here.
The second question is…… take FTP as an example, lets say that I was running the module to allow FTP to work (I believe there's two modes….only one needs the module to be installed?)
Then I do a port scan only to find the port is wide open and clearly visible to a hacker.
So I then write a rule to block any access to the ports in question, does that now mean that FTP is now rendered useless (depending on which mode)??
And if it does, doesn’t that mean that to open the port is a security risk for an organisation trying to secure their network from the outside world ??
Thanks in advance
Wazza
