Sunday, August 12, 2007

Port Scans

I've honestly never used a firewall before in Kubuntu (or on my Xubuntu system), frankly because I don't need it. Well, at least I've never found any reason to use it. But now that my system's open to anyone (used SmartBro before that forces subscribers behind NAT), I don't want to risk a break-in, especially after being informed that Ubuntu is indeed crack-able for systems with open ports... and I've been hosting servers on my system (for learning purposes mostly- LAMP, IRCD, Jabber, Telnet, SMTP, POP3, etc. etc.).

I first installed Guardog but uninstalled it the next day since I found TSL'd SMTP connection via port 465 and/or 587 - Gmail!

I next installed FWBuilder. It's a really nice application and it did secure my system, but lacks graphical monitoring capability that'll allow me to see who's logged in to what port.

I next tried Firestarter - whoa! Really nice piece of software and it does fit my needs. I've been using it for a few days now and haven't regretted it. I'm just quite concerned that Firestarter replaces IPTables with its own script (or something), but it won't matter as long as it secures my system - and it really did. Look at the log below - it blocked port scans:



For added security, I've setup my router to only forward specific ports. I don't like DMZ so I used Virtual Server. This way, I know exactly what ports are open.

Blogged with Flock