Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide Page 47

computer will open a connection to a "port" on another computer, and thus be able to exchange data via the
connection that has been established between their respective ports.
Getting back to the phone analogy, and stretching it a bit, think of calling a large organization with a complex
phone system. The organization has many "departments": sales, shipping, billing, receiving, customer
service, R&D, etc. Each department has its own "extension" number. So the shipping department might be
extension 21, sales might be extension 80, and so on. The main phone number is the IP address, and the
department's extension is the port in this analogy. The "department's" number is always the same when we
call. And generally they can handle many simultaneous incoming calls.
The data itself is contained in "packets", which are small chunks of data, generally 1500 bytes or less each.
Packets are used to control and organize the connection, as well as carry data. There are different types of
packets. Some are specifically used for controlling the connection, and then some packets carry our data as
their payload. If there is a lot of data, it will be broken up into multiple packets, which is almost always how it
works. The packets will be transmitted one at a time, and then "re-assembled" at the other end. One web
page, for instance, will take many packets to transmit -- maybe hundreds or even thousands. This all happens
very quickly and transparently.
We can see a typical connection between two computers in this one line excerpt from netstat output:
tcp 30 0 169.254.179.139:1359 18.29.1.67:21 CLOSE_WAIT
The interesting part is the IP addresses and ports in the fourth and fifth columns. The port is the number just
to the right of the colon. The left side of the colon is the IP address of each computer. The fourth column is
the local address, or our end of the connection. In the example, 169.254.179.139 is the IP address assigned by
my ISP. It is connected to port 21 (FTP) on 18.29.1.67, which is rpmfind.net. This is just after an FTP
download from rpmfind.net. Note that while I am connected to their FTP server on their port 21, the port on
my end that is used by my FTP client is 1359. This is a randomly assigned "unprivileged" port, used for my
end of the two-way "conversation". The data moves in both directions: me:port#1359 <-> them:port#21. The
FTP protocol is actually a little more complicated than this, but we won't delve into the finer points here. The
CLOSE_WAIT is the TCP state of the connection at this particular point in time. Eventually the connection
will close completely on both ends, and netstat will not show anything for this.
The "unprivileged" port that is used for my end of the connection is temporary and is not associated with a
locally running server. It will be closed by the kernel when the connection is terminated. This is quite
different from the ports that are kept open by "listening" servers, which are permanent and remain
"open" even after a remote connection is terminated.
So to summarize using the above example, we have a client (me) connecting to a server (rpmfind.net), and the
connection is defined and controlled by the respective ports on either end. The data is transmitted and
controlled by packets. The server is using a "privileged" port (i.e. a port below number 1024) which stays
open listening for connections. The "unprivileged" port used on my end by my client application is
temporary, is only opened for the duration of the connection, and only responds to the server's port at the
other end of the connection. This type of port is not vulnerable to attacks or break-ins, generally speaking.
The server's port is vulnerable since it remains open. The administrator of the FTP server will need to take
appropriate precautions to ensure that his server is secure. Other Internet connections, such as to web servers or mail
servers, work similarly to the above example, though the server ports are different. SMTP mail servers use port
25, and web servers typically use port 80. See the Ports section for other commonly used ports and services.
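As an added example (not from the HOWTO itself), the following Python script parses netstat lines in the column layout shown above, splits each address into IP and port, and classifies every socket the way this section does: permanent listening servers on privileged ports versus temporary "unprivileged" client ports. The sample netstat lines are constructed for the example, apart from the CLOSE_WAIT line quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same column layout as the excerpt above:
# proto, recv-q, send-q, local address, remote address, TCP state.
SAMPLE_NETSTAT = """\
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 30 0 169.254.179.139:1359 18.29.1.67:21 CLOSE_WAIT
tcp 0 0 169.254.179.139:1402 203.0.113.5:80 ESTABLISHED
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
"""

# Port is everything to the right of the last colon; "*" means "any" (no port yet).
LINE_RE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s*(\S*)$")

@dataclass
class Socket:
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    state: str

    @property
    def local_privileged(self) -> bool:
        # Ports below 1024 are "privileged": only root may bind them, servers use them.
        return self.local_port is not None and self.local_port < 1024

    @property
    def role(self) -> str:
        if self.state == "LISTEN":
            return "server (permanent, exposed)"
        return "server-side connection" if self.local_privileged else "client (ephemeral)"

def parse_netstat(text: str) -> List[Socket]:
    socks = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines or a layout this parser does not understand
        proto, laddr, lport, raddr, rport, state = m.groups()
        socks.append(Socket(proto, laddr, None if lport == "*" else int(lport),
                            raddr, None if rport == "*" else int(rport), state))
    return socks

def exposed_listeners(socks: List[Socket]) -> List[int]:
    """Ports listening on all interfaces: the ones an administrator must secure."""
    return sorted(s.local_port for s in socks
                  if s.state == "LISTEN" and s.local_addr in ("0.0.0.0", "::"))
```

Running it on real output (`netstat -tan` piped into `parse_netstat`) gives the same classification; the loopback-only listener on port 6010 is deliberately left out of `exposed_listeners` because it is not reachable from the network.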
Security Quick-Start HOWTO for Red Hat Linux
8. Appendix 44