From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Mk1ci-0001QZ-K6 for garchives@archives.gentoo.org; Sat, 05 Sep 2009 20:12:36 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E8B4DE095A; Sat, 5 Sep 2009 20:12:34 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id A48C5E095A for ; Sat, 5 Sep 2009 20:12:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 58E87665B4 for ; Sat, 5 Sep 2009 20:12:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at gentoo.org X-Spam-Score: -3 X-Spam-Level: X-Spam-Status: No, score=-3 required=5.5 tests=[AWL=-0.401, BAYES_00=-2.599] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 53VL9SuestuT for ; Sat, 5 Sep 2009 20:12:27 +0000 (UTC) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 8F434646EE for ; Sat, 5 Sep 2009 20:12:24 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.50) id 1Mk1cU-00076O-M3 for gentoo-user@gentoo.org; Sat, 05 Sep 2009 22:12:22 +0200 Received: from athedsl-386504.home.otenet.gr ([79.131.61.198]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 05 Sep 2009 22:12:22 +0200 Received: from realnc by athedsl-386504.home.otenet.gr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 05 Sep 2009 22:12:22 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: Nikos Chantziaras Subject: [gentoo-user] Re: Making sure I am a good netizen and secure. Date: Sat, 05 Sep 2009 23:11:56 +0300 Organization: Lucas Barks Message-ID: References: <4AA235B9.90306@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: athedsl-386504.home.otenet.gr User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090826 Thunderbird/3.0b3 In-Reply-To: <4AA235B9.90306@gmail.com> Sender: news X-Archives-Salt: 39dddb66-bdcd-4d1a-b13d-937ed7b4d339 X-Archives-Hash: 0e89749a1ae9592c772d0c912d6bc919 On 09/05/2009 12:56 PM, Dale wrote: > Hi, > > As some may know already, I recently got DSL. It's not a super fast > connection by broadband standards but it does mean that my box may be > easier to find for a hacker. So, I have a few questions about > security. I think I am OK but want to make sure. > > 1: I have a good root password. It's not something someone would guess > for sure. Nothing related to my history, birthdays or anything. It is > still fairly easy for me to type tho. That's always a good idea. But if you have SSH disabled, then it doesn't really matter. And with SSH enabled, root login is disabled by default, so... > 2: I went to this link: https://www.grc.com/x/ne.dll?bh0bkyd2 > According to that site my ports are in "stealth" mode which is good from > what I understand. "Stealth" ports give problems with p2p and file transfers (MSN and the like). A stealthed port means you can't be reached. Even if you want to be reached. If you encounter problems, for example no one can send you a file from IRC/MSN/etc you know what to blame. Also, even with "stealthed" ports, it's still possible to find you. When someone pings your machine, and you never reply, and nothing else replies, it means you're there :) That because if you're really not there, your ISP will reply to the pinger with "that IP is not there." If that doesn't happen, the pinger knows you're there and hiding behind your finger :) But some ISPs don't send that "no there" reply to the pinger, so in those cases, "stealth" ports might make sense. > 3: I have no servers running here. No Apache, MySql, or any of that. > I also have turned off/stopped ssh since I have only one box at the > moment. Then "stealth" ports are a bit useless since nothing is listening on those ports anyway. > The DSL modem I am using is the Motorola 2210. It seems to be a gateway > thing. I have no router at the moment but if I build a new rig I will > be getting one then. Most likely a Linksys or something. I'll post > here before getting one anyway. ;-) I think the Motorola *is* a router. That means you can just buy a cheap ethernet switch, connect it to the 2210 and then connect the machines to the switch and the 2210 will route everything just fine.