  1. #1
    Just Joined!
    Join Date
    Aug 2004
    Location
    Wolverhampton UK
    Posts
    5

    Monitoring Internet Traffic advice please


    Hi, I am using Suse 9.1 but this question could apply to any Distro.
    I check my firewall at www.grc.com using ShieldsUP (yes, I used to use Windows).
    Ports 21 (FTP), 23 (telnet), 80 (HTTP), and ports 254, 255 are open; the rest are closed, so even the closed ports are telling the rest of the world of my presence. I could be completely stealthed using the www.sygate.com free firewall for Windows.
    So I feel vulnerable, I have installed Suse Firewall it is configured to protect an internet machine. Is anything untoward going on?
    I have used lsof -i to show SunRPC is open on ports 3824 and 3825.
    Looking up SunRPC says it is dangerous to have open!!!
    So what sort of activity is going on?
    With Sygate I could allow/disallow specific programs access and I would get a pop-up box asking me if program xxx should be allowed to access the internet.
    Is there a similar program I could install on my machine for Linux?
    I have several Linux distros: Mandrake 10, Debian Sarge, Fedora Core 2, Suse 9.1, Slackware 10, Gentoo 2004.1 etc.
    It would be reassuring to have control so that I could monitor internet activity without wading through masses of log files.
    For all I know at this point in time my machine could be a spam engine!!
    Please can you suggest some APTs/RPMs that I should look at to give me more comfort.

    Mad Malc

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Kill sunrpc; if nothing on your machine breaks, uninstall it.

    No, there is nothing that gives you a false sense of security on Linux like Sygate does on Windows, as far as I know.

    Jason

  3. #3
    Linux Newbie
    Join Date
    Aug 2004
    Location
    Houston Texas
    Posts
    192
    nmap, ethereal, netstat. Anything that is not activated by the administrator you can shut down. Plus, remember "chkconfig --del service-name" to make sure it won't run again automatically after you restart your computer.

  4. #4
    Linux Newbie
    Join Date
    Jan 2004
    Location
    Belgrade, S&M
    Posts
    177
    You should try nessus -- it is a really good prog - scans for a lot of exploits. For monitoring IMHO ethereal is the best, but iptraf, tcpdump are also good - then you have snort and maybe dsniff.... Although netstat should provide a nice overview...

  5. #5
    Linux Guru kkubasik's Avatar
    Join Date
    Mar 2004
    Location
    Lat: 39:03:51N Lon: 77:14:37W
    Posts
    2,396
    nmap is simple to use, and quite effective, just go nmap 127.0.0.1.
    Avoid the Gates of Hell. Use Linux
    A Penny for your Thoughts

    Formerly Known as qub333
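
An added example, not part of any post in this thread: a small Python parser that turns `netstat -tulnp` output into a per-program list of sockets bound to non-loopback addresses, which is the "which program is listening" view the original question asks for. The sample output, program names and function names are constructed for illustration, and "exposed" here only means "not bound to loopback"; a firewall may still block the port.

```python
import ipaddress

# Constructed sample of `netstat -tulnp` output (not taken from the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN   612/portmap
tcp        0      0 127.0.0.1:631      0.0.0.0:*          LISTEN   845/cupsd
tcp        0      0 192.168.1.10:80    0.0.0.0:*          LISTEN   901/httpd
tcp6       0      0 :::22              :::*               LISTEN   733/sshd
udp        0      0 0.0.0.0:111        0.0.0.0:*                   612/portmap
udp        0      0 127.0.0.1:323      0.0.0.0:*                   -
"""

def is_exposed(host):
    """True unless the socket is bound to a loopback address only."""
    if host in ("*", "::", "0.0.0.0"):
        return True  # wildcard bind: reachable on every interface
    return not ipaddress.ip_address(host.split("%")[0]).is_loopback

def parse_listeners(text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        if f[0].startswith("tcp") and "LISTEN" not in f[5:6]:
            continue  # established connections are not listeners
        host, _, port = f[3].rpartition(":")  # rpartition copes with ':::22'
        # Owner column is last; UDP rows have an empty State column.
        owner = f[-1] if "/" in f[-1] else "-"
        prog = owner.partition("/")[2] or "unknown"
        rows.append({"proto": f[0], "host": host, "port": int(port),
                     "program": prog, "exposed": is_exposed(host)})
    return rows

def exposed_by_program(text):
    """Map program name -> sorted 'proto/port' list for non-loopback sockets."""
    out = {}
    for r in parse_listeners(text):
        if r["exposed"]:
            out.setdefault(r["program"], set()).add(f'{r["proto"]}/{r["port"]}')
    return {prog: sorted(socks) for prog, socks in out.items()}

if __name__ == "__main__":
    for prog, socks in sorted(exposed_by_program(SAMPLE).items()):
        print(f"{prog:10} {', '.join(socks)}")
```

To use it on a real machine, feed it the text of `netstat -tulnp` run as root, since the PID/Program column is only filled in for other users' processes when netstat has root privileges.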
