Can you tell me how?
Check "ip a" for whether you have a globally routable IPv6 and then scan that from a host outside your LAN.
Just 1, the ssh thing. Just that.
https://en.wikipedia.org/wiki/XY_problem
Am I running an ssh server? How to close http tho? Yeah, I should close mysql.
```
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* ino:8750 sk:3 cgroup:/system.slice/sshd.service <->
tcp LISTEN 0 511 *:443 *:* ino:10626 sk:9 cgroup:/system.slice/httpd.service v6only:0 <->
tcp LISTEN 0 511 *:8080 *:* ino:10608 sk:b cgroup:/system.slice/httpd.service v6only:0 <->
```
```
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
3306/tcp open mysql
3389/tcp open ms-wbt-server
8080/tcp open http-proxy
```
How can you not know that?
"I thought I'm the high one.
Ok I guess it's the 10th time or smth? Let me ask and specify again."
I was going to say. But we're not digging into that problem now. Now there is only one. So far so good.
Even so, let me remind you again: `my only concern is my pc, not the server or anything else`
I'm only worried because my pc allows connections from the internet via ssh.
Check "ip a" for whether you have a globally routable IPv6 and then scan that from a host outside your LAN.
In the result of `ip a` I can't see any IP nor IPv6. But I saw `inet6` in lo and in the wifi router. But only the wifi adaptor table has something like an IP. Is it filtered or a MAC-address type? It's like: xx:xx:xx:xx and the x's are numbers.
Is `https://pentest-tools.com/network-vulnerability-scanning/port-scanner-online-nmap` any good? Do I need to scan for UDP too?
For local dev I forgot mysql open. But it shouldn't be available for internet access. It was for developing projects. I can't connect to any server without ssh allowed. Or am I wrong? OR: I might have tried to connect to my other pc with ssh and I should close it now.
I was using 443 for https. I don't remember `ms-wbt-server` or what it is. 8080 for development, atlas or proxy for ssl or smth. I don't remember that either.
Well, it taught me a lot. I really forget these ports on the pc. But again, it shouldn't accept any request from the internet. For example; psql on the server has a config file for asking these. I can't access my db without connecting to the server and inside. Otherwise I could connect like: `psql://server_ip/` but the config is not allowing this. Yeap, I tried too.
Or am I wrong and/or is it still dangerous/vuln to leave these ports open on the pc?
Oh, I see! Can I test it using my phone's internet? Also, is a UDP scan necessary?
Do open ports on a pc pose a threat?
EDIT: In UDP, ports 500 and 4500 are open.
```
sudo nft flush ruleset
sudo nft add table inet filter
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy drop; }'
sudo nft add rule inet filter input iif lo accept
sudo nft add rule inet filter input ct state established,related accept
sudo nft add rule inet filter input icmp type echo-request accept
```
Should I run these commands? I will test the IPv6. BTW I don't have a static IP.
Last edited by jojo06 (2025-12-16 13:28:09)
500 is https://de.wikipedia.org/wiki/Internet_ … t_Protocol
4500 is https://datatracker.ietf.org/doc/html/rfc3947
But I suspect you're not running a key server on your router but your ISP uses them for remote management.
Should i run these commands ?
Do you understand what they do?
Do you think it's a good idea to type random stuff you don't understand into an interactive shell?
https://wiki.archlinux.org/title/Nftabl … e_firewall
Do you understand what they do?
Not really. I came across it when researching IPv6 connections and SSH port security. That's why I'm asking.
And how about the UDP ports and the TCP ones?
Can I test it using my phone's internet? It will be outside of the LAN, no?
I don't know about a key server. Do all ISP services do that, or just Turkey, or is it just mine? And should I close it?
It's really confusing me man, I'm lost.
I still don't know whether my pc can receive ssh or not. And can these ports cause trouble? I closed mysql.
Also about the ISP: they refuse to manage it themselves. They say: "we cant control/do anything from here" so it's another suspicion. Either they lie/are bad at their job or worse
So I don't know what to do.
I would plan:
1-) Test via phone internet for IPv6
2-) And.. which ports will be closed?
EDIT: I was going to scan IPv6 but in the output of `ip a` the wifi interface with inet6 is not showing `scope global`. And its `inet` has a localhost IP number starting with 196.
I got an ethernet interface (not using now) which is DOWN and it doesn't have `scope global` either, but has xx:...(ipv6) and says `link/ether...`
Does that mean IPv6 is not on (not serving)?
The `ip -6 route` output is NOT giving this kind of result either:
`default via fe80::xxxx dev wlp...`
It's similar to this:
`fe80::1 dev wlp3s0 proto kernel metric 1024`
So IPv6 is not open to the internet?
Last edited by jojo06 (2025-12-17 01:50:41)
Not really. I came across it when researching IPv6 connection and SSH port security. Thats why im asking.
You'll be better off using a higher-level firewall like ufw or firewalld than jamming rules in there.
Also https://archlinux.org/packages/extra/x86_64/nftables/ comes w/ a pretty strict default firewall (that however allows ssh)
https://gitlab.archlinux.org/archlinux/ … type=heads
But nb. that this will affect your LAN connections, too.
Can I test it using my phone's internet? It will be outside of LAN no ?
If your phone isn't connected to the internet via the same WLAN, yes.
All ISP services does that or just turkey or its just mine ?
It is pretty common for ISPs to remotely maintain their issued modem/router combos - in that case you'll also not be able to close those ports.
Though
"we cant control/do anything from here"
is that even an ISP issued modem/router combo ?
I still dont now can my pc receive ssh or not
Why are you running sshd itfp?
Disable the sshd.service, problem solved?
the output of `ip a` wifi interface with inet6 is not showing `scope global`.
fe80::* is a link-local address.
Post the first segments of your IPv6 addresses (before the first colon ":")
So IPv6 not open to internet ?
From the data you posted: no. If there isn't more then you don't have an IPv6 WAN IP
You'll be better off using a higher-level firewall like ufw or firewalld than jamming rules in there.
After reading this I installed ufw right away.
Why are you running sshd itfp?
Disable the sshd.service, problem solved?
To use the ssh connection. It's the main problem actually. I want to learn whether, in this current state, my pc can be accessed via ssh?
is that even an ISP issued modem/router combo ?
Idk. But I want to close the ports as much as I can. Or are the opened ones defaults, except mysql?
Post the first segments of your IPv6 addresses (before the first colon ":")
I got `a8` and `ff` and `fe80` as you said.
From the data you posted: no. If there isn't more then you don't have an IPv6 WAN IP
What do u mean by `if there isn't more then`? AND how about ssh; is my ssh open to the internet and receiving connections? Just like a server?
To use ssh connection. Its the main problem actually. I want to learn in this current state can my pc accessed via ssh ?
Locally, sure - that was the point of installing it, right?
Globally? From everything you've posted that's very unlikely.
Idk.
Wdym "idk" - you don't know how and where you got that router??
I got `a8` and `ff` and `fe80` as you said.
IPv6 addresses have 4 digits per segment.
Are the other two from the link/ether line? (That's the MAC)
What do u mean by `if there isn't more` ?
You're posting random bits of information - we cannot know what you've omitted.
how about ssh; is my ssh open to internet and receive connections ? Just like a server ?
Again, from everything you've posted there's no indication for that - but I cannot give you a definitive answer based on limited information.
You want me to say "you're safe", but that's backwards. You're indeed not safe. Never.
You rule out known threats. One by one. And the operating theory is that there're gaps you've not closed.
Is the router and its NAT configuration under your control? Yes or no?
What is that device, where did you get it?
Who configured it? Who maintains it?
Control over that router dictates control over what gets translated into the LAN.
If you don't have control over that thing, use UFW to limit ssh connections to the LAN and in that case also see https://superuser.com/questions/1545743 … te-network and configure SSH to only allow connections from the LAN on top of that.
To use ssh connection.
To use `ssh` the client does not require `sshd` the server to be running or even installed. Do you want to use the SSH protocol to connect to remote systems from your machine, connect to your machine from other systems or both?
Locally, sure - that was the point of installing it, right?
Globally? From everything you've posted that's very unlikely.
Pew..! Yey! Cool. My purpose was to connect to the VPS server and yeah to my second pc. So they can't ssh connect to my pc, correct? And even tho I can't connect to my other pc lol. So yeah, the rules are strict.
Are the other two from the link/ether line? (That's the MAC)
The 4-digits-per-segment one starts with `fe`
What do u mean by `if there isn't more` ?
You're posting random bits of information - we cannot know what you've omitted.
jojo: So IPv6 not open to internet ?
seth: From the data you posted: no. If there isn't more then you don't have an IPv6 WAN IP
Again, from everything you've posted there's no indication for that - but I cannot give you a definitive answer based on limited information.
Yeah now I see u mentioned that once. Also you said I have an ssh server. BTW what is the difference from the ssh package? I installed it just to connect to my server. Like just for outgoing connections. Or did I go too far with messing with configs to be able to connect to my other pc, and it's almost a local server now?
About the ssh threat it's cool. About ports you didn't answer that. And no other threats. At least for now. There are many possibilities and vulns (or there can be, there will be). Otherwise why would they target me directly? But since they got to the IP, I thought maybe the bots automatically attacked and entered here via ssh/port. This screen going black made me a bit paranoid, of course.
I'm focused on basic and main security stuff. Like ssh and ports. Because it would be so easy and stupid of me to leave it unsecured.
Modem interface? Yeah, I can do NAT conf from there. Router is my modem..? So yeah.
My internet provider gave it to me. Will the serial number help? Or the model?
Once the application is completed, they bring it and set it up. I don't/didn't do any updates. I have no idea if they do anything about maintenance.
If you don't have control over that thing, use UFW to limit ssh connections to the LAN and in that case also see https://superuser.com/questions/1545743 … te-network and configure SSH to only allow connections from the LAN on top of that.
Will do.
BTW What is the difference than ssh package?
See my last post.
I installed just for connect my server. Like just for outgoing connections.
So no need to run `sshd` on your system.
Or did i went too far with messing configs to be able to connect my other pc its almost local server now ?
Yes you went too far as you do not appear to understand how ssh works. As with the other servers you run on your system you are increasing the attack surface compared to them not running.
The 4 digits per segment one starts with `fe`
"fe80" and as mentioned that's a link local address.
About ports you didnt answer that.
You mean 500 and 4500?
It is pretty common for ISPs to remotely maintain their issued modem/router combos - in that case you'll also not be able to close those ports.
But if the router is under your control you would have enabled them or maybe some IoT device has UPnP'd itself there.
UPnP is generally a major security risk and should be deactivated and ports be forwarded explicitly only.
Serial Number will help ? Or model ?
No. The relation is specific to your ISP, not a particular HW.
@loqs Yeah mate. Now I get it. I forgot I opened it for my other pc. The server for apache local dev. I closed all ports. httpd, gnome's rdp, and apache's 443 (ssl) closed. Also ssh and mysql. Because of the ssh connection problem I tried to open all and such
But I believe when I start sshd for outgoing, the port will start listening again. Am I right? Or with `systemctl start sshd` to be able to connect to the server (outgoing). Should I add a rule to make it safe? That's where `nftables` comes into the game huh? It will be shown as `filtered`?
```
sudo cat /etc/nftables.conf
table inet filter { chain input { type filter hook input priority 0; policy accept; }; }
```
Is this default?
```
sudo nft list ruleset   # returned empty
sudo nft -a list chain inet filter input
Error: No such file or directory
list chain inet filter input
           ^^^^^^
```
To make the default and set protection (to correct the previously allowed ones) and also ufw:
```
sudo systemctl mask httpd
sudo nft flush ruleset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
```
I ran these. So far so good I guess?
I figured it out and remembered really critical stuff I forgot. It really makes sense now. Things look normal.
Yes you went too far as you do not appear to understand how ssh works. As with the the other servers you run on your system you are increasing the attack surface compared to them not running.
Yeah, tell me about it. I was chill and telling myself `dont be paranoid` but man... Now I realize that. That's why we can't really be sure about receiving ssh connections huh? But with all these restrictions and such I can tell they were not able to. So the networking limits were protecting me? I thought of defense only as the limit/protection. No password and/or no protection config would be level 1 and the most vuln? And closed config + closed ports would be 1 level better and max?
Also I forgot to mention that info @seth. My internet provider is ttnet. Any better when it comes to security?
But i believe when i start sshd for outgoing port will start listening again. Am i right ? Or with `systemctl start sshd` for able connecting server(outgoing). Should i add rule to make it safe ? Thats where `nftables` coming to game huh ? It will shown as `filtered` ?
The outbound connection by `ssh` the client to a remote system has a locally bound address that is connected to the remote system. It is not listening.
If you run `sshd` it will listen on a local address and accept inbound connections to your system. If you block all connections to that port it makes running `sshd` pointless and it would be safer to not run `sshd` as that avoids a firewall configuration error allowing accidental access.
For many servers such as apache you can use unix domain sockets instead of IP sockets or run the server and the client in a container so the connections are never exposed on any interface even loop back.
Last edited by loqs (2025-12-17 23:24:57)
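As an added example (not code from anyone in this thread), loqs' distinction above between a listening `sshd` socket and the ssh client's outbound connection, plus seth's earlier point that `fe80::` addresses are link-local, turned into a small offline check: it reads saved `ss -tulpen` and `ip -6 addr` output (the sample text below is constructed) and reports which sockets other hosts could actually connect to, and whether any globally scoped IPv6 address exists. It judges LAN-side reachability only; whether the router forwards a port to the WAN is a separate question it cannot answer.

```python
"""Offline audit of "what on this PC actually accepts connections?".
Added example: feeds saved `ss -tulpen` and `ip -6 addr` output through two
small checks.  The sample text below is constructed for this example."""
import ipaddress
import re

# Constructed `ss -tulpen` output, modelled on the lines posted in the thread.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22       0.0.0.0:*     users:(("sshd",pid=1,fd=3))
tcp   LISTEN 0      511                *:443            *:*     users:(("httpd",pid=2,fd=4))
tcp   LISTEN 0      80         127.0.0.1:3306     0.0.0.0:*     users:(("mariadbd",pid=3,fd=5))
tcp   ESTAB  0      0       192.168.1.20:51234 203.0.113.7:22   users:(("ssh",pid=4,fd=3))
udp   UNCONN 0      0   [fe80::1]%wlp3s0:546         [::]:*     users:(("dhcpcd",pid=5,fd=6))
"""

# Constructed `ip -6 addr` output: only ::1 and a link-local fe80:: address.
IP6_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host noprefixroute
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::1a2b:3c4d:5e6f:7a8b/64 scope link noprefixroute
"""

LINK_LOCAL6 = ipaddress.IPv6Network("fe80::/10")


def split_local(local):
    """'[fe80::1]%wlp3s0:546' -> ('fe80::1', '546'); '*:443' -> ('*', '443')."""
    addr, _, port = local.rpartition(":")
    return addr.split("%")[0].strip("[]"), port


def reachable_by_other_hosts(addr):
    """Would a socket bound to this address accept connections from another host?"""
    if addr in ("*", "0.0.0.0", "::"):
        return True                      # wildcard bind: every interface
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.is_loopback:
        return False                     # 127.0.0.1 / ::1: this host only
    if ip.version == 6 and ip in LINK_LOCAL6:
        return False                     # fe80::/10: same link only, never routed
    return True                          # a LAN (or public) address


def listening_sockets(ss_output):
    """Only LISTEN (tcp) and UNCONN (udp) rows are listeners; an ESTAB row is a
    connection the local ssh client opened, not something others can reach."""
    rows = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 6 or f[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, port = split_local(f[4])
        proc = re.search(r'\(\("([^"]+)"', line)
        rows.append((f[0], port, proc.group(1) if proc else "?", addr))
    return rows


def exposed_listeners(ss_output):
    """(proto, port, process) for every listener other hosts could connect to."""
    return [(p, port, proc) for p, port, proc, addr in listening_sockets(ss_output)
            if reachable_by_other_hosts(addr)]


def global_ipv6(ip6_output):
    """Addresses the kernel marks 'scope global'; only those can be a WAN IPv6."""
    return re.findall(r"inet6 (\S+)/\d+ scope global", ip6_output)


if __name__ == "__main__":
    for proto, port, proc in exposed_listeners(SS_SAMPLE):
        print(f"{proc} accepts {proto} on port {port} from other hosts")
    print("global IPv6:", global_ipv6(IP6_SAMPLE) or "none (fe80:: is link-local)")
```

Run it against your own output with `ss -tulpen > ss.txt; ip -6 addr > ip6.txt` and pass those files' contents instead of the samples; an empty list from both functions is the situation seth describes as "very unlikely" to be reachable from the WAN.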
@loqs Okay. But with that configuration I'm able to connect to a server (outgoing), right?
@seth I see what u mean now. In the interface they allow opening/closing UPnP. It shows open now.
I have some output when I run `ss -tulpen6`. Is it okay to share it here?
@loqs Okay. But with that configuration im able to connect a server(outgoing) right ?
I am not familiar with UFW and I do not want to give bad advice.
I have some output when i run `ss -tulpen6` Is it okay to share in here ?
You can share the entirety of `ss -tulpen` unless you see any text in the commandline you consider sensitive (what's very unlikely)
It shows open now.
… so close it… you can run the UDP test afterwards (maybe after restarting the router, I can't tell whether that switch will cut existing connections)
But with that configuration im able to connect a server(outgoing) right ?
You can ssh into some server w/o running sshd on the local system and you should not run sshd on the local system (desktop) if you do not intend to ssh into your desktop.
Period. This is safer, much safer, than any effort to protect the daemon.
Beyond that: `ufw status` and read https://wiki.archlinux.org/title/Uncomplicated_Firewall
And disable the nftables.service (otherwise you'll have stacked rules)
My internet provider is ttnet. Any better when it comes to security ?
Your ISP doesn't do "security". They do "internet". You do the security part (in a better case scenario…)
---
I'll try to be polite (which likely is doomed to fail, I'm not good at that):
You should for now under no circumstance run any server or any WAN facing host at all.
You're in no way shape or form competent to do so.
You seem to lack basic and most fundamental knowledge how networks operate and apparently don't even understand the difference between ssh (client) and sshd (server)
Anything you're doing behind the NAT gating of your ISP issued router is most likely gonna be fine - unless you start to forward ports there, but running a WAN facing service will get you into trouble for pretty much sure.
If you're using your PC like a normal Joe Desktopuser, there's absolutely no reason to host WAN facing services.
The Internet will still work w/o any of that, including that there's typically also no reason to run sshd
You might rely on a local httpd for developing websites and multimedia and stuff (and god help us all if you find clients for that…) but next to ensuring that you cannot reach your WAN IP on port 80 you also want to limit the http server to
`Listen 127.0.0.1:80`
https://wiki.archlinux.org/title/Apache_HTTP_Server
As long as your only IPv6 start "fe80:" and you cannot reach your WAN IPv4 "from the internet" (ie. the pentest scan you ran) it is extremely unlikely that you have to worry about cold inbound attacks (ie. something that happens w/o you browsing onto some warez page and downloading a lot of malware) but the moment that changes I can almost guarantee you that you're gonna be in a lot of trouble.
I closed it from the Redirection setting. I will run the test again.
Not `ss -tulpen`, it's `ss -tulpen6`
nftables was inactive/loaded, I also disabled it. Ok.
```
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
```
I ran this before. So I'm going to add these rules too (run the commands):
```
ufw default deny
ufw limit ssh
ufw allow Deluge
```
Correct? No need to allow localhost for now. Oh, torrent is an incoming/outgoing connection, so it's wise to allow it, otherwise it won't work, right?
```
ufw status
ERROR: You need to be root to run this script
sudo ufw status
Status: active
```
---
What you said wasn't rude at all. I understand very well, and what you said took shape in my mind a few days ago.
Unfortunately, I don't have anyone I can ask to do this for me yet. Also, these are things I've known since I was 15, but things change, you forget. I'm no stranger to technology at all. I was into cyber security. Wondering and took courses. And such... But it never fully fit in my mind, or read documentary. My mind is very busy and distracted at the moment.
And what we have learned and been taught so far is this: `If you are not serving with a static IP, there is no problem developing on your computer with httpd/apache`.
The whole ssh (client) and sshd (server) thing is actually sorted now. It happened when I was messing around with it unconsciously and left it open to connect to the other PC. I left it open in my head without finishing the job or restoring the settings.
Although I searched for someone to work with me in the field of cybersecurity, I couldn't find anyone, whether paid, volunteer, or partner. And I am much better than those around me (course/office friends, etc.). For the purpose of learning and improving myself, I would like to ask something like this and either pause or embark on an intensive learning process beforehand:
What are the worst-case scenarios that could happen? Let's say I just deployed the project. I also created a whitelist. There's a critical point here that I'm glad we touched on: `there will be a payment section`
Not `ss -tulpen` its `ss -tulpen6`
"6" limits the output to IPv6
`If you are not serving with a static IP, there is no problem developing on your computer with httpd/apache`.
You better unlearn that - the IP doesn't have to be static to get attacked. NAT and CGNAT imply a certain level of protection, though.
ufw limit ssh
provides rate limiting, it doesn't constrain the traffic to the LAN
What are the worst-case scenarios that could happen? … `there will be a payment section`
You'll wake up to an empty account…
provides rate limiting, it doesn't constrain the traffic to the LAN
I want to close incoming ssh. But I want to be able to connect to servers (outgoing).
You'll wake up to an empty account…
Wow. Iyzico and similar 3rd-party payment systems can be hacked with brute force? I don't think so. But yeah, its creds will be written in `.env`. Is there any course or documentary to secure a server in general/basic? I don't think all servers/systems have good security nor an IT crew to secure them. They protect at a basic level. And that's what I did. Except IP whitelist. But I got attacked because of a vuln. Otherwise the only threat is `innerHTML` (dangerously_set_html).
EDIT: I forgot to tell, after closing UPnP I scanned UDP again. Now 0 ports open in UDP too.
Last edited by jojo06 (2025-12-18 15:04:19)
I want to close incoming ssh. But i want to be able to connect servers(outgoing)
Stop and disable sshd.
Wow. Iyzico and similar 3rd payment systems can hack with brute force ?
The comment was based on the level of competence displayed ITT and the estimation that brute force attacks will not be required but you're unwittingly exposing the system.
Again: I really don't like to say that (it's way more fun to trash lennart and gnome) but it is a fair warning based on my understanding of your situation.
I stopped sshd and disabled it.
I'll do my best. Thanks for the warning. All this has taught me a lot.
I don't think you can recommend documentation, etc. But based on what you suggested and the topic, I came up with the following security scenario:
```
https://archlinux.org/packages/extra/x86_64/nftables/
https://gitlab.archlinux.org/archlinux/ … type=heads
https://wiki.archlinux.org/title/Apache_HTTP_Server
https://wiki.archlinux.org/title/Uncomplicated_Firewall
pc and server will be secured with:
ufw rules, (in both will be super duper strict)
ssh limitations, (pc will be outgoing only, server will have IP whitelist)
apache limitations (in pc it wont be running, in server there will be restrictions)
```
There's no one else I can consult, benefit from, or, as I said, find someone good in the market for server/security. I don't have the money for that right now.
Besides, I have to learn these things. But I think it would be more logical to mark this topic as `solved` and open another one?
But I think it would be more logical to mark this topic as `solved` and open another one?
The specific topic was answered pretty much early on
Q "Can attackers penetrate my pc ?"
A "Yes, that's what they do"
and the shifted topic "is my sshd accessible from the WAN" has been terminally answered by
I stopped sshd and disabled it.
But yes, if you've specific (don't ask "Can attackers penetrate my pc ?", that's like asking whether the pope is catholic) questions, security or otherwise, you can open new threads for those.