On 09/05/2009 12:56 PM, Dale wrote:
> Hi,
>
> As some may know already, I recently got DSL. It's not a super fast
> connection by broadband standards but it does mean that my box may be
> easier to find for a hacker. So, I have a few questions about
> security. I think I am OK but want to make sure.
>
> 1: I have a good root password. It's not something someone would guess
> for sure. Nothing related to my history, birthdays or anything. It is
> still fairly easy for me to type tho.
|
That's always a good idea. But if you have SSH disabled, then it
doesn't really matter. And with SSH enabled, root login is disabled by
default, so...
|
> 2: I went to this link: https://www.grc.com/x/ne.dll?bh0bkyd2
> According to that site my ports are in "stealth" mode which is good from
> what I understand.
|
"Stealth" ports give problems with p2p and file transfers (MSN and the
like). A stealthed port means you can't be reached. Even if you want
to be reached. If you encounter problems, for example no one can send
you a file from IRC/MSN/etc you know what to blame.
|
Also, even with "stealthed" ports, it's still possible to find you.
When someone pings your machine, and you never reply, and nothing else
replies, it means you're there :) That's because if you're really not
there, your ISP will reply to the pinger with "that IP is not there."
If that doesn't happen, the pinger knows you're there and hiding behind
your finger :)
|
But some ISPs don't send that "not there" reply to the pinger, so in
those cases, "stealth" ports might make sense.
|
> 3: I have no servers running here. No Apache, MySql, or any of that.
> I also have turned off/stopped ssh since I have only one box at the
> moment.
|
Then "stealth" ports are a bit useless since nothing is listening on
those ports anyway.
|
> The DSL modem I am using is the Motorola 2210. It seems to be a gateway
> thing. I have no router at the moment but if I build a new rig I will
> be getting one then. Most likely a Linksys or something. I'll post
> here before getting one anyway. ;-)
|
I think the Motorola *is* a router. That means you can just buy a cheap
ethernet switch, connect it to the 2210 and then connect the machines to
the switch and the 2210 will route everything just fine.