| Linode Forum https://forum.linode.com/ |
|
| Default open port to newly created node https://forum.linode.com/viewtopic.php?f=19&t=10265 |
| Author: | hamba [ Sun Jul 21, 2013 1:19 am ] |
| Post subject: | Default open port to newly created node |
Hello, I'm a new Linode customer. I just created a new Debian 7.0 node a few days ago, configured basic security, and installed some packages afterwards. I'm just wondering about the open port list that I got from nmapping my Linode host from my own computer.

Code:
PORT STATE SERVICE

I have basic Linux skills but not so advanced. How do I close these ports? Are there any ports above that Linode might use internally, so I should just leave them open? |
|
| Author: | dcraig [ Sun Jul 21, 2013 1:57 am ] |
| Post subject: | Re: Default open port to newly created node |
It is possible that most of the ports you listed are filtered either by your ISP, Linode's ISP, or some network in between. For those, you would need to do nothing to close them. If you are, indeed, running a service that listens on one of the ports you've listed (and you're now bothered that you've chosen to do this), you could stop running that service or have it bind to a different port or interface. |
|
| Author: | dcraig [ Sun Jul 21, 2013 2:08 am ] |
| Post subject: | Re: Default open port to newly created node |
I forgot to answer your last question. You do not need to leave any ports accessible. You can block them all or disable networking entirely (people do this by accident occasionally). |
|
| Author: | Piki [ Sun Jul 21, 2013 9:10 am ] |
| Post subject: | Re: Default open port to newly created node |
I think by default the Linux firewall (called iptables) has everything open on new installs. If you knew how to use iptables, that would be how you close them. Better yet, log in via Lish, set iptables to block everything by default, and allow what you know you need. If you need help with this, let us know. iptables isn't very complicated, it just seems complicated to new users. |
|
| Author: | IceClimber [ Sun Jul 21, 2013 9:22 am ] |
| Post subject: | Re: Default open port to newly created node |
Is Lish more secure than ssh? I was wondering because I'm interested in closing all possible ports. I have a new node and it seems that I'm already getting scanned. |
|
| Author: | Piki [ Sun Jul 21, 2013 9:44 am ] |
| Post subject: | Re: Default open port to newly created node |
IceClimber wrote:
Is Lish more secure than ssh? I was wondering because I'm interested in closing all possible ports. I have a new node and it seems that I'm already getting scanned.

Would be better in a new topic. It is generally considered rude to hijack someone else's thread.

I can't speak for the browser client, but Lish itself can be accessed directly via ssh. Since ssh is just as secure as ssh, Lish via ssh should be just as secure as ssh directly to your Linode. The only real advantage to using Lish is that you save bandwidth on your Linode. Otherwise, you'd be better ssh'ing directly to your Linode. Lish provides a small viewing area for, e.g. command output or text editors (e.g. nano/vim/etc.) where ssh directly to your Linode lets you use your entire screen.

If you're concerned about leaving ssh open, change the port it's running on, disable root logins, and require the use of ssh keys. |
|
| Author: | Main Street James [ Sun Jul 21, 2013 9:49 am ] |
| Post subject: | Re: Default open port to newly created node |
IceClimber wrote:
Is Lish more secure than ssh? I was wondering because I'm interested in closing all possible ports.

There's no reason you can't keep both open. If there's ever a problem (such as you can't log into Linode) then you'd want an alternate form of access. You can always change the SSH port, limit who can log into SSH, restrict it to specific IPs, use public key authentication, etc., etc. I'm sure there are many on this forum who are more versed in this stuff than I am and who could point you to tutorials.

IceClimber wrote:
I have a new node and it seems that I'm already getting scanned.

Every IP address on the internet gets scanned. They scan blocks of IP addresses - sometimes randomly, other times it's because the IPs belong to a hosting company or a services company, etc. Make sure you use a very strong password for any account that can access SSH. You can prevent root from logging into SSH, and even limit it to one user name (which can be as random or crazy as you'd like).

Tight security is essential, but limiting your options to the point of potentially locking yourself out of your own server is not usually a good idea. |
|
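The SSH settings suggested in the two replies above (no root login, keys only, a restricted user list) can be checked against a config file. This is an added example, not code from the thread; `sshd_value`, `audit_sshd` and the sample file are constructed for illustration, and it assumes the whitespace-separated `Keyword value` form without following `Include` lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings discussed above.

sshd_value() {
    # $1 = config file, $2 = keyword. Prints the effective global value.
    # Keywords are case-insensitive, the first occurrence wins, and lines
    # after a Match are conditional, so the scan stops at the first Match.
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        { k = tolower($1) }
        k == "match" { exit }
        k == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

audit_sshd() {
    # Prints one finding per weak setting; prints nothing when all pass.
    v=$(sshd_value "$1" PermitRootLogin)
    case "$v" in
        [Nn][Oo]) ;;
        *) echo "PermitRootLogin is '${v:-unset}', want 'no'" ;;
    esac
    v=$(sshd_value "$1" PasswordAuthentication)
    case "$v" in
        [Nn][Oo]) ;;
        *) echo "PasswordAuthentication is '${v:-unset}', want 'no' (keys only)" ;;
    esac
    v=$(sshd_value "$1" AllowUsers)
    [ -n "$v" ] || echo "AllowUsers is unset, any account may attempt a login"
}

# Constructed sample: the second PermitRootLogin line never takes effect,
# and the only AllowUsers sits inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match Address 203.0.113.0/24
    AllowUsers deploy
EOF
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration after defaults and includes are applied.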
| Author: | hamba [ Tue Jul 23, 2013 12:34 am ] |
| Post subject: | Re: Default open port to newly created node |
OK, thanks for the replies. I used iptables to close all the unneeded ports. If you search for 'quick and dirty iptables', there's an iptables guide from another VPS provider; it could be useful for a quick initial iptables rule. |
|
| Author: | zunzun [ Tue Jul 23, 2013 6:20 am ] |
| Post subject: | Re: Default open port to newly created node |
deleted |
|
| Author: | Piki [ Tue Jul 23, 2013 7:00 am ] |
| Post subject: | Re: Default open port to newly created node |
zunzun wrote:
Piki wrote:
It's rude to hijack someone else's thread.
You imply that he engaged in rude forum behavior without directly stating so - the mark of a forum coward. Note that I implied that you are a coward without stating so directly - ha, ha, ha.
James

Except I didn't imply anything, therefore you didn't imply anything. It is obvious that the thread was hijacked, both by you and a newcomer, and I was simply stating politely something a newcomer may not know about the forum community.

It is only a coward that insults someone from behind the safety of his computer. It is also the mark of a coward to hijack an already hijacked forum thread to send his insults. Note that I implied that you are a coward without directly saying so. And in this case, while I did send an insult your way, I also spoke truth -- something which, in today's society, is more courage than cowardice. |
|
| Author: | zunzun [ Tue Jul 23, 2013 7:26 am ] |
| Post subject: | Re: Default open port to newly created node |
deleted |
|
| Page 1 of 1 | All times are UTC-04:00 |