Question about blocking incoming traffic
Post 302865735 by bakunin on Saturday 19th of October 2013 02:00:34 PM
Quote:
Originally Posted by LMHmedchem
Thank you for this very informative post. This is what I was looking for. If I read this right, my router will automatically block incoming connections unless I have set up port forwarding to allow it. Further, unless I am running the service that the connection is looking for, the connection would be refused anyway.
Exactly.

Quote:
Is there any way for there to be intrusion on port 80, since that will be used for normal internet traffic?
I am not sure if I understand the question correctly. Port 80 is for hypertext transport protocol (http). It is the default port a web server (=httpd, http-daemon) uses. Suppose you use http to surf to some web site:

You send a request to some site, using http and contacting port 80 at, say, remote.site.com.

The httpd (read: apache, tomcat, IIS, ...) sits there at the server and listens at port 80 when your request comes in.

It picks it up, creates an answer (=web page) and sends it to you, using some unspecified free port on its own system and port 80 at yours.

Your http-client (read: web browser) takes this message apart, creates an answer (for instance, by you clicking on a link, etc.) and sends it back, etc.

A "message" in http is similar to an MIME e-mail in format. It can consist of several parts (pictures, scripts, ...) and of course one (or even several) of these parts can contain malicious code. If you download such code and you run a widespread graphical interrupt handler instead of an OS, your system could become infected with some malware, adware, virus, worm, ...

You would have gotten this malicious code through your port 80, like all the other http messages you get. Closing it would simply forbid any http traffic and effectively prohibit http-connections of any sort. You can either use some scanner inspecting what comes through port 80 (this is how virus scanners work - they pose as daemons listening at port 80 and only pass to the originally intended client after having inspected what comes through) or use a system which cannot be affected by malicious code. Code, malicious or not, will not carry out its purpose until being run and it runs with the privileges of the user running it. This is why it is a very bad idea to surf the web as "root" in Unix. Alas, some OSes are only usable as "Administrator" and so the problem starts.

I am not sure if I have addressed your concern. In case I haven't: please ask clearly what you want to know.

I hope this helps.

bakunin
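
The router behaviour discussed in this thread, as an added example that is not part of the original post: a toy model of a home NAT router that accepts replies to connections opened from the LAN, drops unsolicited inbound packets, and accepts them only once a port forward exists. The `Router` class, `demo()` and all addresses are hypothetical, and the model assumes the router matches replies on remote address and port (real devices vary).

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy model of a home NAT router; all addresses below are constructed."""
    wan_ip: str
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # (wan_port, remote_ip, remote_port) -> LAN socket
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record the flow, return the WAN port used."""
        wan_port = self.next_port
        self.next_port += 1
        self.conntrack[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives from the Internet: return (verdict, LAN destination)."""
        flow = self.conntrack.get((wan_port, remote_ip, remote_port))
        if flow is not None:
            return ("accept: reply to tracked connection", flow)
        if wan_port in self.forwards:
            return ("accept: port forward", self.forwards[wan_port])
        return ("drop: unsolicited", None)

def demo():
    router = Router(wan_ip="203.0.113.7")
    browser = ("192.168.1.20", 51514)      # LAN client, ephemeral source port
    web_server = ("198.51.100.10", 80)     # remote httpd
    stranger = ("198.51.100.99", 44321)    # host the LAN never contacted

    wan_port = router.outbound(*browser, *web_server)
    results = {
        "http_reply": router.inbound(*web_server, wan_port),
        "stranger_to_mapped_port": router.inbound(*stranger, wan_port),
        "stranger_to_port_80": router.inbound(*stranger, 80),
    }
    router.forwards[80] = ("192.168.1.30", 8080)   # user-configured forwarding
    results["after_port_forward"] = router.inbound(*stranger, 80)
    return results

if __name__ == "__main__":
    for case, (verdict, dest) in demo().items():
        print(f"{case:26} {verdict:38} {dest}")
```

The HTTP reply is accepted whatever it contains, because it belongs to a connection the browser opened; the router's filtering decides on who started the conversation, not on the content.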
 
