
Thread: Linux mint security issue. Weird firewall results from shields up.

  1. #1
    Join Date
    May 2016
    Beans
    14

    Linux mint security issue. Weird firewall results from shields up.

    Hey there fellow Linux friends. I was an Ubuntu user but I now am running Linux Mint 18 Mate 64 on my Dell laptop. Anyways I went on the Shields Up website and I did their firewall test with scanning the first main 1000 ports. It says on the site that port 22 and port 23 are opened, every time I scanned it says open. I tried netstat and nothing seems fishy with that. Here are my netstat results as I am posting this,

    netstat -lntup
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1623/dnsmasq
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3280/cupsd
    tcp6 0 0 ::1:631 :::* LISTEN 3280/cupsd
    udp 0 0 0.0.0.0:5353 0.0.0.0:* 973/avahi-daemon: r
    udp 0 0 0.0.0.0:40037 0.0.0.0:* 1623/dnsmasq
    udp 0 0 127.0.1.1:53 0.0.0.0:* 1623/dnsmasq
    udp 0 0 0.0.0.0:68 0.0.0.0:* 4852/dhclient
    udp 0 0 192.168.0.12:123 0.0.0.0:* 1229/ntpd
    udp 0 0 127.0.0.1:123 0.0.0.0:* 1229/ntpd
    udp 0 0 0.0.0.0:123 0.0.0.0:* 1229/ntpd
    udp 0 0 0.0.0.0:57897 0.0.0.0:* 973/avahi-daemon: r
    udp 0 0 0.0.0.0:631 0.0.0.0:* 3281/cups-browsed
    udp6 0 0 :::5353 :::* 973/avahi-daemon: r
    udp6 0 0 :::54884 :::* 973/avahi-daemon: r
    udp6 0 0 fe80::c15b:4da3:ff3:123 :::* 1229/ntpd
    udp6 0 0 ::1:123 :::* 1229/ntpd
    udp6 0 0 :::123 :::* 1229/ntpd


    So I am not an expert with all of this, but I don't see port 22 and port 23 opened, but maybe I'm not using netstat right or this is a false positive. Are there other ways to check and make sure my computer is OK? Also doesn't Linux have a built in firewall to prevent this result from Shields Up? Thanks.
    Last edited by mark284; June 3rd, 2019 at 05:55 AM.

  2. #2
    Join Date
    Jun 2006
    Location
    UK
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Linux mint security issue. Weird firewall results from shields up.

    Thread moved to Mint sub-forum.

  3. #3
    Join Date
    Jan 2007
    Beans
    760
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Linux mint security issue. Weird firewall results from shields up.

    If you're behind a router, shields up would be scanning that and not your Mint box.

    If it's your own router, I would check your router for firmware updates, and disable any remote access management features on it. Having ports 22 and 23 open on a router is asking to be pwned.

    If it's an ISP provided router, then it's a moot point. Hopefully they keep it updated.
    Current 'buntu systems: Server 18.04.2 LTS, Mythbuntu 16.04 LTS, Ubuntu 16.04.1 LTS / Retired: 14.04 LTS, 10.04 LTS, 8.04 LTS
    Been using ubuntu since 6.04 (13 years!)

  4. #4
    Join Date
    May 2016
    Beans
    14

    Re: Linux mint security issue. Weird firewall results from shields up.

    Hey Kpatz, thanks for the answer. I am behind a modem/router that was provided by my ISP like 4 months ago. It says scanning my IP address so I guess you're right it is scanning my modem. If my Linux firewall is keeping those ports closed, then should it not be a problem? Also I have set up a username and password on the modem.

  5. #5
    Join Date
    May 2016
    Beans
    14

    Re: Linux mint security issue. Weird firewall results from shields up.

    OK so I tried everything I can so far. I rebooted the modem/router, I unchecked the Telnet and SSH options in the modem's menu under both WAN and LAN. I am going to give my ISP a call in 3 days when I'm off from work to take care of this. It says on Shields Up that having this port open is exactly what hackers look for. Should I not be too worried since the Linux software firewall is running, I think it's iptables? Also I see nothing when I check netstat. Or are other people who are using Windows on my network in more trouble? Also Android tablets on the network, smart TVs etc.

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    16,887
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Linux mint security issue. Weird firewall results from shields up.

    22/tcp is usually ssh.
    23/tcp is usually telnet.
    If you don't have those enabled on your systems then I wouldn't worry. You can check the process table for either:
    Code:
    ps -eaf|grep ssh
    is an example. Something similar for telnet.

    Having iptables really doesn't mean much. If you didn't specifically configure it, then it is useless. On Linux, you must configure the firewall for it to do anything. The idea that there are "reasonable defaults" applies to grandma OSes. If you want something to work on Linux, expect to
    a) install it
    b) configure it
    c) tell the startup manager (there are 10 of these) that you want it started at reboot or login or at some other point, perhaps dependent on some other item. For example, starting a configured set of firewall rules before networking is up doesn't work. Networking needs to be up, then firewall rules can be applied.

    As others have said, if the router is controlled by the ISP, then there isn't much you can do to alter those settings. ISPs don't configure 1 router at a time. They configure 10,000-50,000 at a time, probably nightly.

    When it comes to security, having multiple layers is the game, so when 1 layer fails, your system isn't compromised.

    All my systems have ssh running, but only a few have ports forwarded from the internet inside to reach those computers. None of my systems have telnet or FTP. I consider both of those as dead protocols since 1995. Unless there is a very specific purpose, having either of those unencrypted protocols on your network would be a terrible idea.

    Your ISP should be embarrassed. Back when I had to use shared web hosting, when I found that a company allowed telnet or plain FTP, that was reason enough to cancel. I didn't want anything to do with a company that foolish as to allow clients to login over protocols that don't use **any** encryption. It isn't just foolish, stupid, dumb - it is negligent and has been for about 20 yrs.
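
The check discussed in this thread (is anything on the Mint box itself listening on 22/tcp or 23/tcp, and which sockets accept traffic from other hosts at all?) can be run over saved `netstat -lntup` output. The following is an added example, not part of any post in the thread; the function names are made up for illustration and the sample is abridged from the output in post #1.

```python
import ipaddress

# Abridged from the `netstat -lntup` output in post #1 of this thread.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1623/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3280/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 3280/cupsd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 973/avahi-daemon: r
udp 0 0 0.0.0.0:68 0.0.0.0:* 4852/dhclient
udp 0 0 192.168.0.12:123 0.0.0.0:* 1229/ntpd
udp6 0 0 :::123 :::* 1229/ntpd
"""

def parse_listeners(text):
    """Return (proto, host, port, scope, program) for each listening socket."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue                      # header or blank line
        is_tcp = f[0].startswith("tcp")
        if is_tcp and (len(f) < 6 or f[5] != "LISTEN"):
            continue                      # established connection, not a listener
        host, port = f[3].rsplit(":", 1)  # split on the last colon: IPv6-safe
        ip = ipaddress.ip_address(host)
        if ip.is_loopback:
            scope = "loopback"            # reachable from this machine only
        elif ip.is_unspecified:
            scope = "all-interfaces"      # 0.0.0.0 or :: accepts on any interface
        else:
            scope = "one-interface"       # bound to a single address
        program = " ".join(f[6 if is_tcp else 5:])  # UDP rows have no State column
        rows.append((f[0], host, int(port), scope, program))
    return rows

def tcp_listeners_on(rows, ports):
    """TCP listeners whose local port is in `ports` (e.g. {22, 23})."""
    return [r for r in rows if r[0].startswith("tcp") and r[2] in ports]

def off_host(rows):
    """Sockets bound to something other than loopback."""
    return [r for r in rows if r[3] != "loopback"]

if __name__ == "__main__":
    rows = parse_listeners(SAMPLE)
    print("TCP listeners on 22/23:", tcp_listeners_on(rows, {22, 23}) or "none")
    for r in off_host(rows):
        print("bound beyond loopback:", r)
```

On the posted output this reports no TCP listener on 22 or 23; the sockets bound beyond loopback are all UDP (mDNS, DHCP client, NTP).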

  7. #7
    Join Date
    May 2016
    Beans
    14

    Re: Linux mint security issue. Weird firewall results from shields up.

    I am not that computer savvy. I am more like a beginner to mid level skill with computers. I have helped people with average problems. Is my computer safe with the info I have provided?
    I was sure that Linux has a built in firewall that uses protection as a backup. I tried to open iptables to check status and I get this.


    Dell ~ # service iptables status
    ● iptables.service
    Loaded: not-found (Reason: No such file or directory)
    Active: inactive (dead)
    Dell ~ # sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination



    Is the firewall doing what it should ? I also did a rkhunter scan and everything is green and perfect. No malicious software, no backdoors, no open ports etc... here it is everything here was in green.


    Checking the network...

    Performing checks on the network ports
    Checking for backdoor ports [ None found ]
    Checking for hidden ports [ Skipped ]

    Performing checks on the network interfaces
    Checking for promiscuous interfaces [ None found ]

    Checking the local host...

    Performing system boot checks
    Checking for local host name [ Found ]
    Checking for system startup files [ Found ]
    Checking system startup files for malware [ None found ]

    Performing group and account checks
    Checking for passwd file [ Found ]
    Checking for root equivalent (UID 0) accounts [ None found ]
    Checking for passwordless accounts [ None found ]
    Checking for passwd file changes [ None found ]
    Checking for group file changes [ None found ]
    Checking root account shell history files [ None found ]

    Performing system configuration file checks
    Checking for an SSH configuration file [ Not found ]
    Checking for a running system logging daemon [ Found ]
    Checking for a system logging configuration file [ Found ]
    Checking if syslog remote logging is allowed [ Not allowed ]


    I'm trying to see if my PC was hacked due to these 2 open ports on my network. Here is the result of the command you told me to post

    ps -eaf|grep ssh
    mint 1507 1351 0 11:32 ? 00:00:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session /usr/bin/im-launch mate-session
    mint 22802 22782 0 18:06 pts/0 00:00:00 grep --color=auto ssh


    I do see SSH-agent in my processes tab in system monitor.
    Last edited by mark284; June 3rd, 2019 at 11:09 PM.

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    16,887
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Linux mint security issue. Weird firewall results from shields up.

    We were all beginners at some point. The way to get past that stage is to look up every command you see, read about it, review the manpage about it and try to understand what it really says in the output.

    Having iptables really doesn't mean much. If you didn't specifically configure it, then it is useless. On Linux, you must configure the firewall for it to do anything. The idea that there are "reasonable defaults" applies to grandma OSes. If you want something to work on Linux, expect to
    a) install it
    b) configure it
    c) tell the startup manager (there are 10 of these) that you want it started at reboot or login or at some other point, perhaps dependent on some other item. For example, starting a configured set of firewall rules before networking is up doesn't work. Networking needs to be up, then firewall rules can be applied.
    No. iptables isn't configured.
    No. iptables hasn't been set up to automatically start, at least from what I can see.
    No. iptables isn't doing anything to protect your system.
    https://help.ubuntu.com/community/IptablesHowTo

    Windows computer skills DO NOT translate to Linux/Unix. Sorry. Learning Unix is like learning to speak another language.

    rkhunter isn't very useful either, BTW. When the signatures get out of date and you begin seeing 5, 10, 15, 20, 50, 100 false positives, you'll understand.

    There is a sticky thread at the top of the Ubuntu Forums "Security" forum. Probably best to review those, follow the links they provide, review those links as much as needed.

    A good beginning text on Linux: http://linuxcommand.org/tlcl.php Learn a chapter every week and in just a few months the connections between the different commands will really start to snowball.
    Last edited by TheFu; June 4th, 2019 at 01:06 AM.
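
How to read the `iptables -L` output from post #7: a built-in chain whose policy is ACCEPT and which holds no rules passes every packet. The following is an added example, not part of any post in the thread; `POSTED` is the output from post #7, `CONFIGURED` is constructed for contrast, and the function names are made up for illustration.

```python
import re

# The `iptables -L` output posted in #7.
POSTED = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

# Constructed sample: default-drop INPUT that still admits replies to
# connections this machine opened.
CONFIGURED = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")

def parse_chains(text):
    """Map each built-in chain name to [policy, rule_count]."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = [m.group(2), 0]
        elif line.startswith("Chain "):
            current = None               # user-defined chain: no policy, skip it
        elif line and not line.startswith("target") and current:
            chains[current][1] += 1      # any other non-blank line is a rule
    return chains

def pass_everything(text):
    """Built-in chains with policy ACCEPT and zero rules."""
    return [name for name, (policy, count) in parse_chains(text).items()
            if policy == "ACCEPT" and count == 0]

if __name__ == "__main__":
    print("posted:    ", pass_everything(POSTED))
    print("configured:", pass_everything(CONFIGURED))
```

`iptables -L` lists only the filter table, so this check says nothing about NAT or mangle rules.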

  9. #9
    Join Date
    May 2016
    Beans
    14

    Re: Linux mint security issue. Weird firewall results from shields up.

    So what do I do, since my computer is exposed at port 22 and port 23? What GUI firewall would you recommend or do I even need a firewall? I have SSH-agent running, but netstat has not shown port 22 and 23 used.
    Also does it help that my home folder is password protected and locked? I seriously do not understand lots of this stuff and I was told many times that Linux has a built in firewall protecting things called iptables. I want to get a GUI firewall that can maybe monitor all connections (better than netstat) and do some investigating.

    If someone is using Linux on a PC that connects to an older modem with no hardware firewall built in, that means they are screwed, since all ports are open? I am really confused here.

  10. #10
    Join Date
    May 2016
    Beans
    14

    Re: Linux mint security issue. Weird firewall results from shields up.

    Here are my current netstat results. I think something on port 8009 is suspicious. I'm all paranoid due to all the passwords I have on my computer. It seems like I have been running Linux without a firewall for years.

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN
    tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
    tcp 0 0 192.168.0.12:54542 192.168.0.14:8009 ESTABLISHED
    tcp 0 0 192.168.0.12:52294 23.77.240.17:443 ESTABLISHED
    tcp 0 0 192.168.0.12:48586 149.28.200.96:443 ESTABLISHED
    tcp 0 0 192.168.0.12:60308 198.252.206.25:443 ESTABLISHED
    tcp 0 0 192.168.0.12:32904 149.28.193.225:443 ESTABLISHED
    tcp 0 0 192.168.0.12:46152 192.168.0.23:8009 ESTABLISHED
    tcp 0 0 192.168.0.12:37650 192.168.0.14:8008 ESTABLISHED
    tcp 0 0 192.168.0.12:42884 34.210.113.231:443 ESTABLISHED
    tcp6 0 0 ::1:631 :::* LISTEN


    Port 8009 is making connections on my network and that's what concerns me. The only firewall I've had is the hardware firewall.
