----- Original Message -----
From: "Jay Daniels" <jay@xxxxxxxxxxx>

> > > Probably MS Windows worms and virus trying to spread, but I would
> > > really like to know what or who is trying to connect to my ports!
> >
> > tcpdump will tell you. Or if you want a nice display, use ethereal.
>
> But the router blocks all that before it gets to the linux box. Light
> flashing in internet side of router, no lights flashing on linux box.
> So, tcpdump nor ethereal will show anything!

OK, it seems that what you are after is knowledge about what the router/firewall is dropping. You'll have to get that from the docs and config for that box, or put a sniffer on the internet side of it and take a look while you run another sniffer or tcpdump on the LAN side.

> > > Would it be silly to scrap the hardware router/firewall in place of
> > > iptables and connect the dsl line directly to my nic just like the old
> > > days when that's all that we had available???

I think it's better to keep your firewall in a separate box and screen your whole subnet. If you also want to run IPtables on your host, fine, it will be additional protection.

> What's strange about this DSL setup, there is no authentication or
> login! So I guess it's possible if my system was down someone could
> actually use my ip address - perhaps another DSL user who is with the
> same provider.

"Always on" is the norm. You don't have to authenticate unless you want to get onto something with usage billing or security requirements. But it's all dependent on your ISP. There are two general categories of connections with my ISP, "business" where you get a routable subnet, and "residential" or "bridged" where you get one or more addresses on a subnet, which could be either fixed or dynamically assigned addresses. Take this up with your ISP.

> But why does x11 use any ports and can I close the port without
> killing X? Is it the font server, xfs? I don't care about running X
> apps from remote ssh, etc.

X is a client-server architecture. Even if the server (screen and keyboard side) and client (application side) are on the same machine, the communication is via the IP stack. The whole thing should be inside the firewall. Another argument for having a separate firewall.

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list