port blocking

[J--]

hi i got a question for ports, though i haven't quite installed linux yet because my optical drive is being in inefficacious piece of slag

anyway, as i used windows i liked to port scan myself (using cports) to determine how many ports were open, and if one was open that i didn't want, i'd close it to keep out the hackers. Windows had a nasty habit of always keeping 4 groups open, one for its updates, one for the telephony or fax or whatever... and i'd always snap em shut

my question is, if i keep ALL my ports closed while im not at the computer, is that enough to keep out hackers? or is there a way they could circumvent their way in with just an ip address?

(btw my ultimate way of keeping my computer safe is that i just dont keep sensitive info on it)

[anomie]

my question is, if i keep ALL my ports closed while im not at the computer, is that enough to keep out hackers? or is there a way they could circumvent their way in with just an ip address?

With or without a host-level firewall, if you have no daemons listening on tcp/udp ports (on external interfaces) then you have already made yourself somewhat of a hardened target. (Use netstat -atun to see what is listening and where; as root, add the -p option for the daemon name.)

That said, if some vulnerability is discovered in the tcp/ip stack on the Linux box you're using (rare, but always possible), there's a chance something nasty could happen. e.g.: An icmp smurf attack, where your box is used against your will to hammer someone else.

I'd also add that the greatest chance of you suffering some sort of compromise will come from your userland applications - i.e. your web browser and multimedia apps. Get on your distro's security mailing list, and keep up with security fixes. That's important.