[TriLUG] iptables & FUD

Steve Litt slitt at troubleshooters.com
Sun Apr 28 19:18:13 EDT 2013


On Sun, 28 Apr 2013 18:07:38 -0400
Alan Porter <porter at trilug.org> wrote:

> 
> >> Don't do that!
> >>
> >> How long were you on the net without protection? It's possible your
> >> machine is now compromised.
> 
> This is an over-reaction.

That's a matter of opinion. I've made a rule *never* to put my car keys
down in the trunk of my car. One could argue that's an over-reaction --
as long as I pick up the keys, I'm cool. But me, I have a policy
*never* to place my car keys in the trunk, even for a second.

> 
> It's important to know what iptables protects you from, and what it
> does not.
> 
> If you have only two services listening, then those are the only two 
> services that will accept network connections. 

Yes.

As you mentioned later in your email, it's a darn good idea to verify
what ports are open. You did it with netstat, I do it with nmap.

So you're right. If one *knows* which ports are open and knows those
ports aren't dangerous (I prefer not to have a Net facing NFS server,
for instance), then my reaction might have been over the top, and
certainly my worry that the machine's now compromised was an
over-reaction.

My experience with Linux distros tells me that servers are often
"helpfully" installed for me, so verifying who is listening and who is
not is a must before going onto the net without protection.

All that being said, personally, I still would not connect a machine of
any type to the net without a firewall. I might leave the wrong server
running, just like I might accidentally close the trunk.

Thanks,

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance
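The "verify who is listening" check that Steve and Alan both describe, written out as an added example (not code from either of them or from the list): it reads `ss -tuln`-style output from the inside of the host, skips sockets bound only to loopback, and flags every remaining listener whose port is not on an allowlist of services you meant to expose. The sample socket listing, the allowlist of port 22, and the function names are constructed for this illustration; nmap from a second machine remains the outside-in counterpart.

```shell
#!/bin/sh
# Added example, not from the original post: audit listening sockets against
# an allowlist of ports you intend to expose, before dropping the firewall.
# Assumptions: SAMPLE_SS below is a constructed `ss -tulnH` listing; on a real
# host feed the function with:  ss -tulnH | unexpected_listeners "22"

# Constructed sample of `ss -tulnH` output
# (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port)
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0 64  0.0.0.0:2049      0.0.0.0:*
tcp   LISTEN 0 128 [::]:22           [::]:*
udp   UNCONN 0 0   0.0.0.0:111       0.0.0.0:*
udp   UNCONN 0 0   127.0.0.1:323     0.0.0.0:*'

# unexpected_listeners "ALLOWED PORTS" < ss_output
# Prints "proto port addr" for every socket bound to a non-loopback address
# whose port is not in the space-separated allowlist.
unexpected_listeners() {
    allowed=" $1 "
    while read -r netid state rq sq laddr peer; do
        [ -n "$netid" ] || continue
        port=${laddr##*:}        # text after the last colon; handles [::]:22 too
        addr=${laddr%:*}         # everything before that colon
        case "$addr" in
            127.*|'[::1]') continue ;;  # loopback-only: not reachable from the net
        esac
        case "$allowed" in
            *" $port "*) ;;              # intended service, on the allowlist
            *) printf '%s %s %s\n' "$netid" "$port" "$addr" ;;
        esac
    done
}

# count_unexpected "ALLOWED PORTS" < ss_output  -> number of flagged sockets
count_unexpected() {
    unexpected_listeners "$1" | wc -l | tr -d ' '
}

# Stand-alone run against the constructed sample: only ssh (22) is intended,
# so the NFS (2049/tcp) and portmapper (111/udp) sockets get flagged.
printf 'Unexpected non-loopback listeners:\n'
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22"
```

Anything this prints is a service that was "helpfully" installed and is reachable from the network; either stop it, bind it to 127.0.0.1, or add it to the allowlist on purpose before the firewall comes down.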
