start:firewall

Differences

This shows you the differences between two versions of the page.

start:firewall [2022/05/11 14:55] peterstart:firewall [2023/09/01 13:43] (current) peter
Line 1: Line 1:
-On Ubuntu and Debian the process is identical, so just open a terminal and type:+DATE CHECKED THIS PAGE WAS VALID: 01/09/2023  
 + 
 +Open a terminal and type:
  
 <code> <code>
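
Review bot: The new "DATE CHECKED" line writes the date as 01/09/2023, which reads as 9 January to anyone used to month-first dates; the revision timestamp (2023/09/01) shows it means 1 September 2023, so an unambiguous form such as 2023-09-01 would be safer. The replacement for the opening sentence also drops "On Ubuntu and Debian", so the page no longer says which distributions the install command applies to; consider keeping that scope in the new "Open a terminal and type:" line.
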
Line 5: Line 7:
 </code> </code>
  
-Once installed just run gufw from the terminal. Make sure you change status to on. In order to open a port just go to rules and an advanced rule opening port 22 would be something like:+Once installed just run 'gufwfrom the terminal. Make sure you change status to on. In order to open a port just go to rules and an advanced rule opening port 22 would be something like:
  
 Name: SSH Name: SSH
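
Review bot: In the changed "Once installed" line the quoting around gufw is unbalanced: it reads 'gufwfrom, with no closing quote and no space before "from", so the command name runs into the sentence. Close the quote and restore the space so readers can see that the command to run is gufw.
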
Line 34: Line 36:
  
 <code> <code>
-sudo lsof -i -P -n | grep LISTEN+sudo lsof -i -P -n | grep 'LISTEN\|UDP'
 </code> </code>
  
 So here is the output: So here is the output:
 +
 +{{:images:fwaudit.png?400|}}
  
 Relevant info is this: Relevant info is this:
 <code> <code>
 +aragorn@Aragorn:~$ sudo lsof -i -P -n | grep 'LISTEN\|UDP'
 +avahi-dae    1230        avahi   12u  IPv4   21240      0t0  UDP *:5353 
 +avahi-dae    1230        avahi   13u  IPv6   21241      0t0  UDP *:5353 
 +avahi-dae    1230        avahi   14u  IPv4   21242      0t0  UDP *:47819 
 +avahi-dae    1230        avahi   15u  IPv6   21243      0t0  UDP *:47292 
 sshd         1356         root    3u  IPv4   21334      0t0  TCP *:22 (LISTEN) sshd         1356         root    3u  IPv4   21334      0t0  TCP *:22 (LISTEN)
 sshd         1356         root    4u  IPv6   21336      0t0  TCP *:22 (LISTEN) sshd         1356         root    4u  IPv6   21336      0t0  TCP *:22 (LISTEN)
 +dnsmasq      1593       nobody    3u  IPv4   29098      0t0  UDP *:67 
 +dnsmasq      1593       nobody    5u  IPv4   29101      0t0  UDP 192.168.121.1:53 
 dnsmasq      1593       nobody    6u  IPv4   29102      0t0  TCP 192.168.121.1:53 (LISTEN) dnsmasq      1593       nobody    6u  IPv4   29102      0t0  TCP 192.168.121.1:53 (LISTEN)
 +dnsmasq      1639       nobody    3u  IPv4   27149      0t0  UDP *:67 
 +dnsmasq      1639       nobody    5u  IPv4   27152      0t0  UDP 192.168.122.1:53 
 dnsmasq      1639       nobody    6u  IPv4   27153      0t0  TCP 192.168.122.1:53 (LISTEN) dnsmasq      1639       nobody    6u  IPv4   27153      0t0  TCP 192.168.122.1:53 (LISTEN)
 teamviewe    2195         root   12u  IPv4   41331      0t0  TCP 127.0.0.1:5939 (LISTEN) teamviewe    2195         root   12u  IPv4   41331      0t0  TCP 127.0.0.1:5939 (LISTEN)
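
Review bot: The new filter grep 'LISTEN\|UDP' matches every line that contains UDP, not only sockets waiting for inbound traffic, so the output also includes UDP sockets a client opened for outgoing traffic; say so next to the command, or readers will treat every UDP line as an exposed service. The \| alternation is a GNU grep extension; grep -E 'LISTEN|UDP' does the same and is portable. The pasted output now carries the shell prompt with the user and host name, which could be trimmed, and the added fwaudit.png image has no caption.
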
Line 51: Line 64:
 cupsd      425618         root    7u  IPv6 3274437      0t0  TCP [::1]:631 (LISTEN) cupsd      425618         root    7u  IPv6 3274437      0t0  TCP [::1]:631 (LISTEN)
 cupsd      425618         root    8u  IPv4 3274438      0t0  TCP 127.0.0.1:631 (LISTEN) cupsd      425618         root    8u  IPv4 3274438      0t0  TCP 127.0.0.1:631 (LISTEN)
 +cups-brow  425667         root    7u  IPv4 3276300      0t0  UDP *:631 
 +teams      886490      aragorn   68u  IPv6 5213037      0t0  UDP *:50532 
 +firefox    888388      aragorn   75u  IPv4 6082652      0t0  UDP *:57711 
 +firefox    888388      aragorn  143u  IPv4 6100036      0t0  UDP *:48078 
 nxplayer. 1049675      aragorn   27u  IPv4 5971216      0t0  TCP 127.0.0.1:52574 (LISTEN) nxplayer. 1049675      aragorn   27u  IPv4 5971216      0t0  TCP 127.0.0.1:52574 (LISTEN)
 nxclient. 1049735      aragorn    6u  IPv4 5973212      0t0  TCP 127.0.0.1:48595 (LISTEN) nxclient. 1049735      aragorn    6u  IPv4 5973212      0t0  TCP 127.0.0.1:48595 (LISTEN)
 +nxclient. 1049735      aragorn   13u  IPv4 5964685      0t0  UDP *:5353 
 +nxclient. 1049735      aragorn   14u  IPv4 5964686      0t0  UDP *:53446 
 +nxclient. 1049735      aragorn   15u  IPv4 5964687      0t0  UDP *:56363 
 +nxclient. 1049735      aragorn   16u  IPv4 5964688      0t0  UDP *:54367 
 +nxclient. 1049735      aragorn   17u  IPv4 5974179      0t0  UDP *:38458 
 +nxclient. 1049735      aragorn   24u  IPv4 5974180      0t0  UDP 192.168.2.12:47905->192.168.2.2:1900 
 +aragorn@Aragorn:~$ 
 </code> </code>
  
-So assuming we had no firewall setup we can determine a few things. +So assuming we had no firewall setup we can determine a few things: \\ 
-1) SSH is listening on port 22 for IPv4 and 6+1) MDNS might respond on UDP 5353 and 47819/47292. I can be hard to know with UDP sometimes\\ 
-2) My box would reply to other clients with DNS information if queried on TCP 53 for some reason+2) My box is listening on port 22 TCP for SSH connections\\ 
-3) A program 'teamviewer' is listening on 5939 +3) My box has several DNS related ports open it might respond to. \\ 
 +4) A program 'teamviewer' is listening on 5939. \\ 
 +5) Two virtual machines are running and you can VNC to them on 5900 and 5901. \\ 
 +6) Gnome DE will accept a connection from an RDP client to view my machines screen. \\ 
 +7) Firefox is doing 'something'. \\ 
 +8) No machine player is listening on various ports (this is similar to RDP but an alternative method). \\ 
 + 
 +So there is quite a lot we found. We should ensure that anything we dont trust is closed, or at least that the ports are blocked by our firewall. 
 + 
 +Here is my firewall rules in the GUI app: 
 + 
 +{{:images:fwrulewehave.png|}} 
 + 
 +From this image we see that my only open ports are: \\ 
 +22 for ssh \\ 
 +4000 for nx \\ 
 +3389 for rdp \\ 
 + 
 +So we can see there is some discrepancy between my rules and what is listening.  
 + 
 +So in my case I am intelligently reviewing the rules and only changing what is appropriate. I decided to delete rule opening port 4000 from the firewall application and remove the teamviewer application from my box so that it is not listening or doing anything on my box. I felt this was appropriate in my case, however you might make different or more or less changes.
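
Review bot: The numbered findings do not separate sockets bound to 127.0.0.1 or [::1] from those bound to *, and that distinction decides what the firewall has to cover. In the output teamviewer (5939), cupsd (631), nxplayer and the nxclient TCP socket are loopback-only and not reachable from the network, while sshd on *:22 and the UDP sockets on * are; items 4 and 8 should say this. The nxclient line 192.168.2.12:47905->192.168.2.2:1900 is an outgoing connection rather than a listener. Wording: item 1 "I can be hard" should be "It can be hard", item 8 "No machine player" reads as a negation and presumably means the NoMachine player, "dont" needs an apostrophe, and "Here is my firewall rules" should be "Here are". The closing paragraph removes the rule for port 4000 but leaves 3389 open without saying why; one sentence on that would complete the comparison between the rules and what is listening.
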
start/firewall.1652280912.txt.gz · Last modified: 2022/05/11 14:55 by peter