>>>>> "WC" == Wynne, Conor <Conor.Wynne at compaq.com> writes:
WC> I - currently - don't have a bogs notion what ssh is for. I
WC> "presume" that it's for tunnelling to your box through a
WC> firewall, is this anyway right? I noticed it's a feature of the
WC> newer smoothwall (http://www.smoothwall.org) I installed last
WC> night. So needless to say it's the next thing on my HUGE list
WC> of things to learn!
ssh is a secure replacement for telnet. The whole tunneling stuff is
built on top of that; when you log in via ssh, you also ask it to
encrypt and forward X clients from the remote machine to your local
machine. It's useful too for collecting POP mail from a box that you
have shell access to without allowing your passwords to go over the
network in the clear.
ssh good; telnet bad.
WC> Do you guys/gals use ssh in the real world?
A number of people on this list do, for things such as secure rsync
backups across the open Innurnet and various kinds of forwarding; I
mainly use it to connect to Zork. I also run it by default instead of
telnet on any boxes that are non-sacrificial.
WC> But surely we should still have some sort of anti-vandal/virus
WC> app as well? I know - or so I have read - that there has never
WC> been a viral attack on a linux box in the "real" world to
WC> date, but you never know.
It is extremely difficult to write a successful virus for most
variants of Unix. Even a desktop Linux box that was installed using
the "Next, Next, Next, Reboot" methodology will at least prevent
random users from overwriting system files; of course, root is
all-powerful, but you don't run random files as root, do you? By
contrast, even NT servers can be set up with a FAT C drive, which
allows *anyone* to over-write *any* file. (It's no use saying "format C
as NTFS"; many Microsoft configurations *require* a FAT C drive.)
Please don't quote Simson Garfinkel in relation to this; he has no
clue about viruses when it comes to *nix boxes.
WC> Does anyone know what is on TCP or is it UDP port 137? I keep
WC> getting attacks on this port at various times during the night.
It's used for Windows networking name service (see /etc/services for a
list of assigned ports). Someone on your ISP's subnet might be
running a Windows box with NetBIOS bound to the Dial-Up Adapter, or
else someone is trying to see if you're running Samba (or Windows!).
Just make sure not to have Samba listening on any Internet-connected
interfaces (cf. "interfaces" and "bind interfaces only" in smb.conf).
I see a lot of connects to 137 since I started using OceanFree at home.
--
"Pity has no place at my table."
-- Dr Hannibal Lecter
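
Added example, not part of the original post: a small check that reads the [global] section of an smb.conf and reports whether "interfaces" and "bind interfaces only" keep Samba off an Internet-connected interface. The interface name ppp0 and both sample files are assumptions constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed sample files, not taken from the original post.
WEAK = """\
[global]
   workgroup = HOME
   interfaces = lo eth0 ppp*
; "bind interfaces only" left at its default (no)
[public]
   path = /srv/share
"""
HARDENED = """\
[global]
   workgroup = HOME
   Interfaces = lo eth0
   bind interfaces only = Yes
"""

def global_params(text):
    """Parse the [global] section; names are case- and space-insensitive."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def audit(text, external=("ppp0",)):
    """Return findings for Samba exposure on the named external interfaces."""
    p = global_params(text)
    findings = []
    if p.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1", "on"):
        findings.append("bind interfaces only is not enabled")
    patterns = p.get("interfaces", "").split()
    if not patterns:
        findings.append("interfaces is not set")
    for ext in external:  # assumed names of Internet-facing interfaces
        for pat in patterns:
            if fnmatch(ext, pat):  # entries may be wildcards such as ppp*
                findings.append(f"interfaces entry {pat!r} matches {ext}")
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "ok")
```

Entries in "interfaces" given as IP addresses or address/mask pairs are not matched against interface names by this check and need to be reviewed by hand.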