
#1 2008-12-28 17:27:47

peets
Member
From: Montreal
Registered: 2007-01-11
Posts: 936

what are "open ports"?

I'm setting up my home network so that I can ssh into my archlinux box from anywhere outside, so I'm reading up a bit on network security.

A lot of authors mention "open ports". Does that mean anything? The way I understand it, a port is open if there is some program listening on it and accepting the bits sent to it, maybe sending some sort of response. But I've read mention of "net services" and "daemons"; so when someone says "open ports", do they mean something more?


#2 2008-12-28 17:36:54

whordijk
Member
From: the Netherlands
Registered: 2008-12-12
Posts: 147

Re: what are "open ports"?

The key to a successful SSH session on your Arch Linux box is forwarding ports. You should check your router settings and make sure the port used for your SSH connection (22 by default) is forwarded to your Arch Linux box. That way, when you SSH to your external IP address from any location, the Arch Linux box handles that SSH session.


#3 2008-12-28 18:00:03

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: what are "open ports"?

FFS, talk about security, don't use sshd running on port 22.

Always use RSA authentication with sshd on some random port, say, 22020.

You can keep a config file in ~/.ssh to make it easier to connect to your ssh sessions.


#4 2008-12-28 18:36:41

string
Member
Registered: 2008-11-03
Posts: 286

Re: what are "open ports"?

FFS, leave security by obscurity to the people at Microsoft, kthnx.


#5 2008-12-28 19:22:46

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819

Re: what are "open ports"?

string wrote:

FFS, leave security by obscurity to the people at Microsoft, kthnx.

There's nothing wrong with obscurity. Of course it makes things more difficult for users with good intentions, but for people with bad intentions alike ;). Not having your SSH server listening on port 22 saves you from a lot of bots scanning you and stuff.


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy


#6 2008-12-28 19:45:50

string
Member
Registered: 2008-11-03
Posts: 286

Re: what are "open ports"?

I'm afraid I can't and won't agree. Obscurity is wrong and shouldn't be considered "security" in the first place. Properly secured box: YES PLEASE. Improperly, obscurity-enhanced box: NO THANK YOU. To each their own.


#7 2008-12-28 20:21:13

peets
Member
From: Montreal
Registered: 2007-01-11
Posts: 936

Re: what are "open ports"?

string wrote:

I'm afraid I can't and won't agree. Obscurity is wrong and shouldn't be considered "security" in the first place. Properly secured box: YES PLEASE. Improperly, obscurity-enhanced box: NO THANK YOU. To each their own.

string, all security is obscurity: you rely on people not knowing your password and not knowing your private key; that's obscurity right there -- or maybe a better term is 'secrecy'. The more layers of obscurity/secrecy there are, the less probable it is to be had.

I'm going to forward the ssh port to my arch machine, run knockd on the router/firewall, and allow only a certain key to connect (the key I will have on my mobile computer), with a password.

I've thought a bit more about the original question; I guess people call "open ports" whatever ports are not blocked by the firewall AND have a program responding to them. Is this right?


#8 2008-12-28 21:33:56

string
Member
Registered: 2008-11-03
Posts: 286

Re: what are "open ports"?

Ok, changed my mind (2nd time today) -- I don't want to hijack the thread. peets: your post made me laugh my terminating '\0' off, good one.

Last edited by string (2008-12-28 21:39:48)


#9 2009-04-16 08:14:56

cb474
Member
Registered: 2009-04-04
Posts: 469

Re: what are "open ports"?

I'm a bit confused about open ports too. I was just setting up ssh, just so I could transfer files between computers on my home network. But then I'm wondering, when I take these laptops out to other places and get on wifi (without the firewall of my router), will they be insecure as long as the ssh server I set up is running?

Just to test this question, I hooked my machines directly up to my broadband modem (without my router) and went to the Shields Up! website (https://www.grc.com/x/ne.dll?bh0bkyd2) and had it probe the port that I set ssh to use. It showed that port as "stealth" (not visible to the probe at all). So does this mean I have nothing to worry about?

Last edited by cb474 (2009-04-16 08:19:07)
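
The three cases this thread circles around (a program listening, nothing listening, and the "stealth" result in post #9), as an added example that is not part of any post: a Python check meant for your own machine. The function names `port_state` and `demo` and the labels open/closed/filtered are choices of this example; the demo touches only the loopback interface.

```python
import socket


def port_state(host, port, timeout=2.0):
    """Classify one TCP port as seen from this client, using a full connect().

    open     - a program is listening and the handshake completed
    closed   - the host answered, but nothing listens there (connection refused)
    filtered - no answer before the timeout, e.g. a firewall dropped the packet;
               this is the case the probe in post #9 reported as "stealth"

    The answer depends on where the probe runs: from the LAN, from behind
    the router, or from outside it.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        # Anything else (no route, name lookup failure) is reported, not guessed.
        return "error: %s" % exc


def demo():
    """Show open vs. closed on loopback with a throwaway listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        listener.listen(1)
        port = listener.getsockname()[1]
        while_listening = port_state("127.0.0.1", port)
    finally:
        listener.close()
    # Same port, but the program that was listening is gone.
    after_close = port_state("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())
```

The filtered case cannot be shown on loopback without a firewall rule that drops packets, so the demo covers only the first two states.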
