dcsimg
Linux Today: Linux News On Internet Time.





LinuxFocus.org: Psionic Portsentry 1.1, the defender of the ports

Sep 08, 2001, 22:04 (0 Talkback[s])
(Other stories by Georges Tarbouriech)
"During the last decade, networking grew up at an incredible speed. The goal was to allow communication between machines using different OSes. Thus, proprietary networking systems were slowly replaced with TCP/IP. Internet did the rest ! Today, most networking relies on TCP/IP and TCP/IP relies on ports. To make it short, ports are attached to programs (clients or servers). The server listens till a client contacts it to establish a connection. The services (the programs above mentioned) are mapped to a specific port. On Unix systems, this mapping scheme is found in the /etc/services file. That is, everyone knows which port is dedicated to which service. If everyone knows, crackers know even better ! If we consider a port as a door, when a port is open (listening), it's like an unlocked door. And how do you get into a house ? Usually through the door (unless you prefer the window, it's up to you !). So do the black hats to get into your computer...

The first thing you can do to reduce the risk is to close as many ports as possible, that is to stop services. The less the better. But you hardly can close every port on a networked machine : it wouldn't communicate anymore, that would be a pity ! How to limit the number of active services or how to close the ports is beyond the scope of this article. You'll find a lot of literature on the subject, for instance going to the Linux Documentation Project or searching through LinuxFocus issues (for example, Bastille Linux or Security tools). So for the different ways to protect a machine, a network. On Linux, consider Bastille Linux as a must have.

And this is where portsentry comes. Portsentry can monitor ports and is able to block them if you ask it to do so. It provides you with different operating modes, some of them being specific to some OSes. As a matter of fact, OSes means Linux. Portsentry is able to benefit from packet filtering provided with ipfwadm, ipchains or iptables according to the Linux kernel you have. This is true for other Unix flavors using different tools (back on this later). There we are : portsentry greatest feature probably is "auto-blocking".

Complete Story

Related Stories: