Broadband Security - Mandriva

This is a discussion on Broadband Security - Mandriva ; Hi again! I'm moving from dialup to DSL. I've got the "connectivity" part worked out, but I'm concerned about security, especially with DSL being "always on". What can I do to prevent security breaches and other nasties? All I do ...

+ Reply to Thread
Page 1 of 7 1 2 3 ... LastLast
Results 1 to 20 of 130

Thread: Broadband Security

  1. Broadband Security

    Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    part worked out, but I'm concerned about security, especially with DSL
    being "always on". What can I do to prevent security breaches and other
    nasties? All I do is surf the web and deal with email and newsgroups;
    I'm not running any kind of server and don't need to log into my system
    from elsewhere. Oh, and I'm running Mandriva 2007.0.

    Here's what I have so far, after searching web pages and newsgroups: my
    (desktop) system is connected through a combination DSL modem and
    router. I've installed and initialized chkrootkit and tripwire. 'sudo
    netstat -ap | fgrep "LISTEN "' now returns only:

    tcp 0 0 localhost:ipp *:* LISTEN 3131/cupsd

    when before it returned several entries (X, lisa, cupsd) with Local
    Address as '*:service' meaning accessible to all. Is there anything
    else I should do, security-wise? Would figuring out 'iptables' add
    anything? Is there anything else included with Mandriva, or
    downloadable, that would help, or any web pages you'd recommend? Just
    how much paranoia is appropriate here? Thanks VERY much in advance for
    your advice on this!

    Adam
    --
    Email: rubin AT bestweb DOT net [for now]

  2. Re: Broadband Security

    On Tue, 05 Jun 2007 19:42:47 -0400, Adam wrote:

    > Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    > part worked out, but I'm concerned about security, especially with DSL


    The security issue is the same, no matter how you're connected.

    Go to System/Configuration/Configure your computer (aka same as running
    mcc from a terminal).

    Select Security, then Setup a personal firewall...

    Uncheck everything. Select ok, uncheck "use interactive firewall" (you don't
    need to be nagged, everytime someone tries to connect). Select ok. Select
    which interface to protect (eth0 probably).

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  3. Re: Broadband Security

    David W. Hodgins wrote:

    > On Tue, 05 Jun 2007 19:42:47 -0400, Adam wrote:
    >
    >> Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    >> part worked out, but I'm concerned about security, especially with DSL

    >
    > The security issue is the same, no matter how you're connected.
    >
    > Go to System/Configuration/Configure your computer (aka same as running
    > mcc from a terminal).
    >
    > Select Security, then Setup a personal firewall...
    >
    > Uncheck everything. Select ok, uncheck "use interactive firewall" (you
    > don't need to be nagged, everytime someone tries to connect). Select ok.
    > Select which interface to protect (eth0 probably).
    >
    > Regards, Dave Hodgins
    >


    Then go to http://www.grc.com/default.htm & select "Shields Up" to test your
    firewall just to be sure.

    --
    Nothing's Too Sacred - http://scott2096.blogspot.com/
    Soar Like An Eagle - http://www.lockergnome.com/nexus/seaeagle/
    Sea Eagle's Free Wallpapers - http://tinyurl.com/2ryxq4
    Registered Linux User # 384081 http://counter.li.org/

  4. Re: Broadband Security

    On Tue, 05 Jun 2007 19:42:47 -0400, Adam wrote:

    > Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    > part worked out, but I'm concerned about security, especially with DSL
    > being "always on". What can I do to prevent security breaches and other
    > nasties? All I do is surf the web and deal with email and newsgroups;
    > I'm not running any kind of server and don't need to log into my system
    > from elsewhere. Oh, and I'm running Mandriva 2007.0.
    >
    > Here's what I have so far, after searching web pages and newsgroups: my
    > (desktop) system is connected through a combination DSL modem and
    > router. I've installed and initialized chkrootkit and tripwire. 'sudo
    > netstat -ap | fgrep "LISTEN "' now returns only:
    >
    > tcp 0 0 localhost:ipp *:* LISTEN 3131/cupsd
    >
    > when before it returned several entries (X, lisa, cupsd) with Local
    > Address as '*:service' meaning accessible to all. Is there anything
    > else I should do, security-wise? Would figuring out 'iptables' add
    > anything? Is there anything else included with Mandriva, or
    > downloadable, that would help, or any web pages you'd recommend? Just
    > how much paranoia is appropriate here? Thanks VERY much in advance for
    > your advice on this!
    >
    > Adam


    IMHO - from a practical standpoint, don't worry about it.


  5. Re: Broadband Security

    On 2007-06-06, Sea Eagle wrote:
    > David W. Hodgins wrote:
    >
    >> On Tue, 05 Jun 2007 19:42:47 -0400, Adam wrote:
    >>
    >>> Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    >>> part worked out, but I'm concerned about security, especially with DSL

    >>
    >> The security issue is the same, no matter how you're connected.
    >>
    >> Go to System/Configuration/Configure your computer (aka same as running
    >> mcc from a terminal).
    >>
    >> Select Security, then Setup a personal firewall...
    >>
    >> Uncheck everything. Select ok, uncheck "use interactive firewall" (you
    >> don't need to be nagged, everytime someone tries to connect). Select ok.
    >> Select which interface to protect (eth0 probably).
    >>
    >> Regards, Dave Hodgins
    >>

    >
    > Then go to http://www.grc.com/default.htm & select "Shields Up" to test your
    > firewall just to be sure.


    That will test the router rather than the computer behind the router,
    unless the router is wide open. If the router has any 'security' options,
    use them.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  6. Re: Broadband Security

    Adam wrote:

    > Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    > part worked out, but I'm concerned about security, especially with DSL
    > being "always on". What can I do to prevent security breaches and other
    > nasties? All I do is surf the web and deal with email and newsgroups;
    > I'm not running any kind of server and don't need to log into my system
    > from elsewhere. Oh, and I'm running Mandriva 2007.0.
    >
    > Here's what I have so far, after searching web pages and newsgroups: my
    > (desktop) system is connected through a combination DSL modem and
    > router.


    As Whiskers points out.... If you're behind a hardware router, there is
    no need for setting up a Linux firewall. The router should look after
    that for you.




  7. Re: Broadband Security - Thanks!

    Thanks, all of you, Dave and Sea Eagle and Whiskers and Jim and Ray, for
    your very helpful advice!

    >> Then go to http://www.grc.com/default.htm & select "Shields Up" to
    >> test your
    >> firewall just to be sure.

    >
    > That will test the router rather than the computer behind the router,
    > unless the router is wide open. If the router has any 'security'
    > options, use them.


    "Shields Up" shows all green (stealth). I managed to find a User Guide
    for the router (Westell 327W provided by ISP) online, thanks to the
    Wayback Machine ( http://www.archive.org ), and I'll look into what
    options the router has. Thanks again, everyone!

    Adam

  8. Re: Broadband Security

    On 2007-06-06, Jim Townsend wrote:
    > Adam wrote:
    >
    >> Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    >> part worked out, but I'm concerned about security, especially with DSL
    >> being "always on". What can I do to prevent security breaches and other
    >> nasties? All I do is surf the web and deal with email and newsgroups;
    >> I'm not running any kind of server and don't need to log into my system
    >> from elsewhere. Oh, and I'm running Mandriva 2007.0.
    >>
    >> Here's what I have so far, after searching web pages and newsgroups: my
    >> (desktop) system is connected through a combination DSL modem and
    >> router.

    >
    > As Whiskers points out.... If you're behind a hardware router, there is
    > no need for setting up a Linux firewall. The router should look after
    > that for you.


    In an ideal world, one layer of firewall "should" be
    sufficient. In reality, firewalls do get cracked every once
    in a while, or they can be misconfigured or have some other
    weakness. Among other things, any good computer security
    course will teach that it is a good thing to have multiple
    layers of security.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  9. Re: Broadband Security

    On 2007-06-06, Robert M. Riches Jr. wrote:
    > On 2007-06-06, Jim Townsend wrote:
    >> Adam wrote:
    >>
    >>> Hi again! I'm moving from dialup to DSL. I've got the "connectivity"
    >>> part worked out, but I'm concerned about security, especially with DSL
    >>> being "always on". What can I do to prevent security breaches and other
    >>> nasties? All I do is surf the web and deal with email and newsgroups;
    >>> I'm not running any kind of server and don't need to log into my system
    >>> from elsewhere. Oh, and I'm running Mandriva 2007.0.
    >>>
    >>> Here's what I have so far, after searching web pages and newsgroups: my
    >>> (desktop) system is connected through a combination DSL modem and
    >>> router.

    >>
    >> As Whiskers points out.... If you're behind a hardware router, there is
    >> no need for setting up a Linux firewall. The router should look after
    >> that for you.

    >
    > In an ideal world, one layer of firewall "should" be
    > sufficient. In reality, firewalls do get cracked every once
    > in a while, or they can be misconfigured or have some other
    > weakness. Among other things, any good computer security
    > course will teach that it is a good thing to have multiple
    > layers of security.


    Certainly if the computer is connecting wirelessly, or is going to be used
    on more than one network, then it is important to have sensible security
    settings on that machine itself. But any 'scan' or 'security test' from
    the internet is going to report information about the router, not the
    end-user's computer, except possibly for such things as web-browser ID and
    cookies transmitted by the user's computer, or servers which are made
    accessible by the router.

    --
    -- ^^^^^^^^^^
    -- Whiskers
    -- ~~~~~~~~~~

  10. Re: Broadband Security - Thanks!

    Adam wrote:
    > "Shields Up" shows all green (stealth). I managed to find a User Guide
    > for the router (Westell 327W provided by ISP) online, thanks to the
    > Wayback Machine ( http://www.archive.org ), and I'll look into what
    > options the router has. Thanks again, everyone!


    The Westell allows you to set the router to allow your machine
    to connect to the 'Net at will, but drop all attempts to connect
    FROM the 'Net. That is what you want.

    I think by default it REJECTs one port, 113 if I remember
    correctly, rather than drop it. This is ok. Someone on the net
    (such as your ISP's net admin) can tell if your router is up and
    functional to some degree, but that is no big deal. You can go
    completely stealth by setting the Westell to drop specifically
    that port in addition to everything else, but there are other
    ways to determine if a machine is on the 'Net when it is not
    responding at all. Just takes more work to gather and sort
    information from adjacent nodes.

    I would recommend setting up a firewall on your machine, whether
    or not there is a wireless connection (this begs for some
    serious security firewalling plus WPA encryption) or another
    machine on your net behind the router firewall. Belt and
    suspenders is less likely to let your troursers drop than belt
    or suspenders alone.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  11. Re: Broadband Security

    On Tue, 05 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <136bsmu9uc0mh2c@corp.supernews.com>, Adam wrote:

    >I've got the "connectivity" part worked out, but I'm concerned about
    >security, especially with DSL being "always on". What can I do to
    >prevent security breaches and other nasties? All I do is surf the web
    >and deal with email and newsgroups; I'm not running any kind of server
    >and don't need to log into my system from elsewhere.


    No servers - no services to the world? OK - 'netstat -apntu' should
    show nothing listening to your Ethernet interface.

    >Here's what I have so far, after searching web pages and newsgroups:
    >my (desktop) system is connected through a combination DSL modem and
    >router.


    OK - verify that your router isn't forwarding ports from the Internet
    side to your computer. Nothing forwarded means no way to connect.

    >I've installed and initialized chkrootkit and tripwire.


    Tripwire is not really being maintained. The replacements are programs
    like aide. As for 'chkrootkit' (and the equally flawed 'rkhunter' from
    http://www.rootkit.nl), it is a total waste of diskspace, never mind the
    CPU cycles. Both 'chkrootkit' and 'rkhunter' are windoze wannabe
    applications that attempt to detect root kits based on crude tests to
    find indications that have been seen in the past. They're primarily
    shell scripts, and thus easy to read. Both will (as an example) search
    for a file named '/tmp/.../a' or '/tmp/.../r' and on finding this will
    declare you are infected with the 55308 worm (a port scanner seen in
    mid-20030. Now, should the malware author have done the unthinkable and
    changed the name of the file to '/tmp/.../A' (or indeed _anything_ other
    than 'a' or 'r') then neither tool will find the malware.

    Another frequent problem with both 'chkrootkit' and 'rkhunter' are false
    alarms caused by inept programming gaffes. An example us caused by using
    'grep' to find character strings in files - such as the string 'adore'
    (the Adore worm targeted Red Hat 7.0 system vulnerabilities in 2001)
    which will be found in the string 'Isadore' or 'Labradorean', never mind
    words that are based on 'adore' like 'adorer' or 'unadored').

    Saw an article in another newsgroup last week where _both_ 'chkrootkit'
    and 'rkhunter' were crying about the 'eth0' interface having a packet
    sniffer running when none in fact were - the false alarm caused by a
    dumb test that used 'grep' on the output of '/sbin/ifconfig' and noted
    the string 'PROMISC' in the third line. This was caused by running a DHCP
    client, but neither "malware detector" bothered to explain the test, or
    note the possible false alarm.

    In the several years that 'chkrootkit' and 'rkhunter' have been
    available ('chkrootkit' actually dates from 1997, rkhunter seems to be
    from 2003), I've yet to hear of a reliable report of someone using either
    to find a root kit. The ONLY reports I've seen are about false alarms.
    The 'image comparison' technique used by 'tripwire' and it's successors
    are far more reliable, but require you to start with a "known clean"
    system - creating something that you can reliably compare to.

    >'sudo netstat -ap | fgrep "LISTEN "' now returns only:
    >
    >tcp 0 0 localhost:ipp *:* LISTEN 3131/cupsd


    printer daemon listening on the loopback (change the 'netstat -ap' to
    'netstat -anp' to verify that it's only on 127.0.0.1:631) would be OK.

    >when before it returned several entries (X, lisa, cupsd) with Local
    >Address as '*:service' meaning accessible to all. Is there anything
    >else I should do, security-wise?


    Sounds good.

    >Would figuring out 'iptables' add anything?


    Might reduce the amount of resources used to configure the firewall, but
    as you don't need anything exotic - probably not.

    >Is there anything else included with Mandriva, or downloadable, that
    >would help, or any web pages you'd recommend?


    The HOWTOs that come with the system are probably not the latest, but
    they may be worth skimming. A good firewall reference is the HOWTOs from
    Rusty Russell (author of the firewall code in the kernel) which you can
    get from http://www.netfilter.org/documentation/HOWTO/

    >Just how much paranoia is appropriate here?


    ---------------------
    "It's only called paranoid when they AREN'T after you"
    ---------------------
    When they _are_ out to get you, always check your paperwork.
    ---------------------
    "I got my paranoia the old fashioned way: I earned it."
    ---------------------
    Paranoia comes from experience - and is not necessarily a bad thing.
    ---------------------

    Old guy


  12. Re: Broadband Security

    On Wed, 06 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <46660264$0$84080$892e0abb@auth.newsreader.octanews .com>, Sea Eagle wrote:

    >David W. Hodgins wrote:


    >> Uncheck everything. Select ok, uncheck "use interactive firewall" (you
    >> don't need to be nagged, everytime someone tries to connect). Select ok.
    >> Select which interface to protect (eth0 probably).


    Seems reasonable

    >Then go to http://www.grc.com/default.htm & select "Shields Up" to test
    >your firewall just to be sure.


    But before you do, turn on logging on your firewall. Then you'll be
    able to see the extremely pathetic and limited test that this
    charlatan performs. Remember, he's aimed at selling crap to the windoze
    lusers who can only click on icons and be amazed. There are 65536 TCP
    and 65536 UDP ports - he tests a combined total of less than 1200 if you
    get the _full_ scan, and as few as 21 on a quick scan. He ignores the
    other 130 odd network protocols that an IP packet can carry, probably
    because he doesn't know they exist, which also explains his false
    deductions about what he calls "stealth" computers. I guess he's never
    seen the output of 'traceroute' (much less the more capable tools that
    are used by network aware admins).

    You could try 'nmap' - but unless you are testing from a site on the
    Internet, you aren't making an accurate test - and again (if you read
    the man page - see the -p option) this only tests a limited number of
    ports by default (although more than the charlatan at grc.com). You can
    tell nmap to test more ports (both TCP and UDP) but do so with care less
    you trigger a FOAD response from your firewall (or ISP). Again, nmap
    doesn't know about other Internet protocols.

    Best solution: Know what you are doing, and don't depend on ill-planned
    tests or windoze oriented applications. It also helps to know how
    networking protocols work in the first place, but this is asking a lot of
    some users.

    Old guy)

  13. Re: Broadband Security - Thanks!

    On Wed, 06 Jun 2007, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Jim Beard wrote:

    >Adam wrote:


    >> "Shields Up" shows all green (stealth).


    One wonders how many ports were checked.

    >The Westell allows you to set the router to allow your machine
    >to connect to the 'Net at will, but drop all attempts to connect
    >FROM the 'Net. That is what you want.


    DROP or REJECT - the effect is the same, in that no one outside can get
    in. The difference may impress Gibson, but not much else.

    >I think by default it REJECTs one port, 113 if I remember correctly,
    >rather than drop it. This is ok. Someone on the net (such as your
    >ISP's net admin) can tell if your router is up and functional to
    >some degree, but that is no big deal.


    Port 113/tcp is used for the "auth" protocol (RFC1413). The concept
    was that when a user connects to a server, the server sends back a
    TCP request to the 'identd' server on your system and asks "who is
    the user connecting to my server on port $FOO?". The identd server
    replies with some data (which may be a string containing your username
    or other fairy tales) so that if abuse occurs, the admin of the
    remote server has some name to complain about. I see about one percent
    of the server I connect to will try this. This service may be
    blocked as it is specifically not meant to be used as authentication.
    Thus, you can either allow, or reject the ident query, and things
    normally should proceed swimmingly (used to be that IRC servers and
    some POP [mail delivery] servers required a "valid" response). The
    problem with DROPping this port (no response what-so-ever) is that
    the remote will wait until the ident request times out (which can be
    up to a minute) before allowing you to connect. Thus, the rule of
    thumb that if you use a server/service that will try an ident query,
    you want to REJECT (or allow if you are that way) the packet to
    avoid the delay. If you _don't_ use such a server/service, then
    you can black-hole things if you so desire.

    >You can go completely stealth by setting the Westell to drop
    >specifically that port in addition to everything else, but there
    >are other ways to determine if a machine is on the 'Net when it is
    >not responding at all. Just takes more work to gather and sort
    >information from adjacent nodes.


    Actually, it takes a few extra seconds only. With the tools I normally
    use, it's five keystrokes - but that's command line.

    >I would recommend setting up a firewall on your machine, whether
    >or not there is a wireless connection (this begs for some
    >serious security firewalling plus WPA encryption)


    Agreed - does it _have_ a WPA capability? Some of these routers only
    support WEP, which if you read 'alt.internet.wireless' can be cracked
    in seconds.

    Old guy

  14. Re: Broadband Security - Thanks!

    Jim Beard wrote:
    >> the router (Westell 327W provided by ISP)

    >
    > The Westell allows you to set the router to allow your machine to
    > connect to the 'Net at will, but drop all attempts to connect FROM the
    > 'Net. That is what you want.


    Thanks, Jim! I'll look through the router's User Guide to learn how to
    do that.

    > I would recommend setting up a firewall on your machine, whether or not
    > there is a wireless connection (this begs for some serious security
    > firewalling plus WPA encryption) or another machine on your net behind
    > the router firewall. Belt and suspenders is less likely to let your
    > trousers drop than belt or suspenders alone.


    At someone's suggestion, I went to MCC and set up Shorewall. The router
    supports wireless, but right now I just have the one desktop system
    plugged into it. (That may change later.) I agree with your "belt plus
    suspenders" approach, which is why I'm considering the router PLUS a
    firewall PLUS any other good ideas. It's a lot easier to set things up
    that way /before/ I start seriously using DSL. Thanks again for your
    help with this!

    Adam

  15. Re: Broadband Security - Thanks!

    Moe Trin wrote:
    >> I would recommend setting up a firewall on your machine, whether
    >> or not there is a wireless connection (this begs for some
    >> serious security firewalling plus WPA encryption)

    >
    > Agreed - does it _have_ a WPA capability? Some of these routers only
    > support WEP, which if you read 'alt.internet.wireless' can be cracked
    > in seconds.


    A peek at the router's (Westell VersaLink 327W) user guide mentioned WEP
    but not WPA, but I wasn't looking too closely. Right now I just have
    the one desktop system plugged into the router. Probably by the time I
    get a laptop, if ever, things will have changed so much that I'll need
    to ask advice all over again!

    Adam

  16. Re: Broadband Security

    Moe Trin wrote:
    >> I'm not running any kind of server
    >> and don't need to log into my system from elsewhere.

    >
    > No servers - no services to the world? OK - 'netstat -apntu' should
    > show nothing listening to your Ethernet interface.


    $ sudo netstat -apntu
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    PID/Program name
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
    3136/cupsd
    tcp 0 0 192.168.1.46:57161 63.245.209.11:80 ESTABLISHED
    5402/seamonkey-bin
    tcp 0 0 192.168.1.46:57162 63.245.209.11:80 ESTABLISHED
    5402/seamonkey-bin
    udp 0 0 0.0.0.0:32768 0.0.0.0:*
    3016/avahi-daemon:
    udp 0 0 0.0.0.0:68 0.0.0.0:*
    3473/dhclient
    udp 0 0 0.0.0.0:5353 0.0.0.0:*
    3016/avahi-daemon:
    udp 0 0 0.0.0.0:631 0.0.0.0:*
    3136/cupsd
    udp 0 0 :::32769 :::*
    3016/avahi-daemon:
    $

    (That's unedited, except for trimming spaces -- sorry about the line
    wrap there!) Does that look okay to you?

    >> my (desktop) system is connected through a combination DSL modem and
    >> router.

    >
    > OK - verify that your router isn't forwarding ports from the Internet
    > side to your computer. Nothing forwarded means no way to connect.


    I'll have to look through the router's user guide to figure out how to
    check that... but I will!

    > Tripwire is not really being maintained. The replacements are programs
    > like aide. As for 'chkrootkit' (and the equally flawed 'rkhunter' from
    > http://www.rootkit.nl), it is a total waste of diskspace, never mind the
    > CPU cycles.


    What security-related programs would you recommend? (Recommendations
    from anybody are welcomed!)

    >> it returned several entries (X, lisa, cupsd) with Local Address as
    >> '*:service' meaning accessible to all.


    And I think I may have found a bug in 2007.0's 'startx' script (if any
    of its config files exist then X won't start) but more likely I'm doing
    something wrong. I ended up changing the line in it to
    defaultserverargs="-nolisten tcp" and now X starts but no longer listens.

    >> Just how much paranoia is appropriate here?

    >
    > "It's only called paranoid when they AREN'T after you"


    I actually asked a therapist about that once. She said that paranoia is
    the delusion that they're after you. If they really ARE after you,
    it's not a delusion.

    > Paranoia comes from experience - and is not necessarily a bad thing.


    I don't have much experience of my own, which is why I appreciate the
    experience of everyone in this newsgroup and elsewhere!

    > You could try 'nmap' - but unless you are testing from a site on the
    > Internet, you aren't making an accurate test - and again (if you read
    > the man page - see the -p option) this only tests a limited number of
    > ports by default (although more than the charlatan at grc.com). You can
    > tell nmap to test more ports (both TCP and UDP) but do so with care less
    > you trigger a FOAD response from your firewall (or ISP). Again, nmap
    > doesn't know about other Internet protocols.


    Hmmm. What if I found my DSL address (71.something, I think), then went
    online with my dialup connection (address 216.179.something) and tried
    to test the ports at 71.whatever ? Would that be valid?

    > It also helps to know how networking protocols work in the first
    > place, but this is asking a lot of some users.


    I remember getting a passing grade in "Computer Networking" around 1990.
    I'm sure nothing has changed since then! :-)

    BTW I'm replacing my dollar-store phone extension cord with cat5e (with
    RJ-11 connectors). Thanks again for all your help with this and all my
    assorted connectivity problems!

    Adam

  17. Re: Broadband Security - Thanks!

    On 2007-06-08, Adam wrote:
    > Moe Trin wrote:
    >>> I would recommend setting up a firewall on your machine, whether
    >>> or not there is a wireless connection (this begs for some
    >>> serious security firewalling plus WPA encryption)

    >>
    >> Agreed - does it _have_ a WPA capability? Some of these routers only
    >> support WEP, which if you read 'alt.internet.wireless' can be cracked
    >> in seconds.

    >
    > A peek at the router's (Westell VersaLink 327W) user guide mentioned WEP
    > but not WPA, but I wasn't looking too closely. Right now I just have
    > the one desktop system plugged into the router. Probably by the time I
    > get a laptop, if ever, things will have changed so much that I'll need
    > to ask advice all over again!


    If you're not using wireless, you can disable it through the
    web-based configuration stuff on the router. For good
    measure, you can probably also remove the antenna.

    --
    Robert Riches
    spamtrap42@verizon.net
    (Yes, that is one of my email addresses.)

  18. Re: Broadband Security - Thanks!

    Robert M. Riches Jr. wrote:

    > If you're not using wireless, you can disable it through the
    > web-based configuration stuff on the router. For good
    > measure, you can probably also remove the antenna.


    Switching off wireless in software should be enough. There is a /very/
    minor chance that running the router with the antenna unplugged could
    damage the transmit part of the wireless transceiver.

    Chris


  19. Re: Broadband Security

    On Thu, 07 Jun 2007 20:31:43 -0400, Adam wrote:

    > udp 0 0 0.0.0.0:32768 0.0.0.0:*
    > 3016/avahi-daemon:


    You don't need avahi-demon on if you don't have a lan. Turn if off
    with "service avahi-daemon stop", and stop it from starting in
    future with "chkconfig avahi-daemon off".

    Turning it off, is one of the first steps in resolving problems
    with slow dns lookups.

    Regards, Dave Hodgins

    --
    Change nomail.afraid.org to ody.ca to reply by email.
    (nomail.afraid.org has been set up specifically for
    use in usenet. Feel free to use it yourself.)

  20. Re: Broadband Security - Thanks!

    Christopher Hunter wrote:
    > Robert M. Riches Jr. wrote:
    >
    >> If you're not using wireless, you can disable it through the
    >> web-based configuration stuff on the router. For good
    >> measure, you can probably also remove the antenna.

    >
    > Switching off wireless in software should be enough. There is a /very/
    > minor chance that running the router with the antenna unplugged could
    > damage the transmit part of the wireless transceiver.


    Thanks, Robert and Christopher. I went through the configuration
    screens on the router, and now Wireless is Disabled.

    I think I'll attach the antenna anyway, but not for technical reasons.
    Mainly, if I don't attach it now, I'm not sure I'll be able to find it
    later!

    Adam

+ Reply to Thread
Page 1 of 7 1 2 3 ... LastLast