security



RNK
03-31-2004, 07:24 PM
Can somebody help me with some information about the next question: I need to secure my computer in some way because it is showing my computer name, IP and provider etc. How can I make sure I am not in danger of being `attacked` by a virus etc.?
:?:

Ambrose
04-14-2004, 04:03 AM
Turn off and unplug your computer.

If you are really concerned, bury your computer underground too.

- A

RNK
04-14-2004, 05:50 AM
You mean that I am concerned without reason?! Got it!!!

:oops: :lol:


I am only concerned about the fact that in the past I did use MS Windows and almost every day I had to use my virus programme and update weekly...

Thanks

OErjan
04-14-2004, 05:51 PM
If it is a HDD install you could add an iptables script that blocks everything you do not want; that is, it is a firewall.
guarddog and guidedog, kmyfirewall, knetfilter and several others can help you do the config.

Ambrose
04-14-2004, 11:20 PM
You can do this even if it's running from CD too.

- A

false-hopes
04-16-2004, 05:59 AM
Or you can not worry about it: there are very few Linux viruses, and the risk of people picking up your IP address and scanning for vulnerabilities is slim to none. Linux is very secure, you shouldn't have much worrying to do.

RNK
04-19-2004, 09:16 PM
[quote=OErjan]If it is a HDD install you could add an iptables script that blocks everything you do not want; that is, it is a firewall.
guarddog and guidedog, kmyfirewall, knetfilter and several others can help you do the config.[/quote]

:) thanks man, this is what I was waiting for .....


:D

Bukowski
04-22-2004, 05:53 PM
[quote=false-hopes]Or you can not worry about it: there are very few Linux viruses, and the risk of people picking up your IP address and scanning for vulnerabilities is slim to none. Linux is very secure, you shouldn't have much worrying to do.[/quote]

That has to be the worst piece of advice I've ever seen offered. If you're online you're going to get scanned. And you're in just as much danger with Linux as Windows; I can see you've never had to secure a server. Let's take a quick look at a default Knoppix HDD installation with nmap:

dswan@genomics[dswan] nmap -sT ivpcp032 [ 5:41PM]

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on ivpcp032 (XX.XX.XX.XX):
(The 1587 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
111/tcp    open        sunrpc
443/tcp    open        https
631/tcp    open        ipp
718/tcp    open        unknown
993/tcp    open        imaps
995/tcp    open        pop3s
1011/tcp   open        unknown
3128/tcp   open        squid-http
10082/tcp  open        amandaidx
10083/tcp  open        amidxtape

If I had all those ports open on a server, I would expect trouble. That's awful, and Knoppix when it's installed needs locking down HARD. The fastest, simplest way for a new user to configure a nice tight set of iptables rules is to use a script which will generate them automatically. I personally swear by NARC as it takes 5 minutes to install and set up and locks your machines down tight. Get it from here: http://www.knowplace.org/netfilter/narc.html
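
An added example, not part of the thread and not NARC's code: a POSIX shell sketch of the two steps discussed here, listing open ports you did not intend to expose and generating a default-deny inbound ruleset in `iptables-restore` format. The function names `unexpected_ports` and `gen_rules` and the keep list are assumptions; the sample lines are five port lines copied from the scan above.

```shell
#!/bin/sh
# Added example (not from the thread, not NARC's code). Function names are hypothetical.

# Five of the port lines from the scan posted above, embedded so this runs offline.
SAMPLE_SCAN='22/tcp open ssh
25/tcp open smtp
111/tcp open sunrpc
631/tcp open ipp
3128/tcp open squid-http'

# unexpected_ports "<ports you mean to expose>" < nmap-port-lines
# Prints "port service" for every open TCP port that is not on the keep list.
unexpected_ports() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            if (!(p[1] in ok)) print p[1], $3
        }'
}

# gen_rules "<ports you mean to expose>"
# Emits a default-deny inbound ruleset in iptables-restore format.
gen_rules() {
    # Validate everything first so a typo never yields a half-written ruleset.
    for port in $1; do
        case "$port" in
            *[!0-9]*) echo "gen_rules: bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "gen_rules: port out of range: $port" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $1; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

As root, `gen_rules "22" | iptables-restore` loads the ruleset; a firewall only hides a listening service, so anything `unexpected_ports` reports is still worth stopping or removing. IPv6 traffic is filtered separately through `ip6tables-restore`.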

Stephen
04-22-2004, 10:50 PM
[quote=Bukowski]That has to be the worst piece of advice I've ever seen offered. If you're online you're going to get scanned. And you're in just as much danger with Linux as Windows; I can see you've never had to secure a server. Let's take a quick look at a default Knoppix HDD installation with nmap:[/quote]

Well, if you are going to give advice, at least be truthful about it. Those ports are not open after an install; you have upgraded the install without removing the servers, and they have been started because you have accepted the default Debian scripts instead of keeping the Knoppix ones.

Bukowski
04-23-2004, 09:39 AM
[quote=Stephen][quote=Bukowski]That has to be the worst piece of advice I've ever seen offered. If you're online you're going to get scanned. And you're in just as much danger with Linux as Windows; I can see you've never had to secure a server. Let's take a quick look at a default Knoppix HDD installation with nmap:[/quote]

Well, if you are going to give advice, at least be truthful about it. Those ports are not open after an install; you have upgraded the install without removing the servers, and they have been started because you have accepted the default Debian scripts instead of keeping the Knoppix ones.[/quote]

I wasn't being untruthful, I actually had no idea that was the case. Yes, I did select all the Debian package defaults on upgrade, and it's perfectly possible that MANY other people will do the same simply because they won't actually understand the choices being offered (I was trying to "de-knoppixify" my installation), so I think the point is valid. I was objecting to the comment that Linux is somehow inherently secure, and after 9 years of using it I think that assuming your installation is secure out of the box is the biggest mistake anyone can make.

xaoz
04-28-2004, 12:03 PM
[quote=false-hopes]when it's installed needs locking down HARD.[/quote]

So true, default Knoppix is definitely not something you want to go on the internet with. Not only do you have to lock down services, try to upgrade the kernel (it's bugged) and remove a bunch of useless (suid) files too; when you're done with that, it starts to get reasonable to work with, although you're not finished yet: you may want to secure/upgrade specific services too.

roger_girardin
04-28-2004, 01:09 PM
really interesting topic

Linux can protect you from Windows malware (worms, viruses, trojans, Windows application exploits, Windows rootkits)

but there are a lot of Linux rootkits around
a rootkit scans an IP address or an IP range looking for some defined open ports (associated with known process security holes)
it logs the scan result in a file and asks you if you want to try to exploit the security holes on the target comp

there are some rootkits to which you can add your own exploit

so putting a Linux workstation directly on the internet is not as secure as it seems

my Mandrake 8.1 webserver installed behind a secured Debian box was hacked two times in a year

xaoz
04-29-2004, 12:10 PM
[quote=roger_girardin]really interesting topic

Linux can protect you from Windows malware (worms, viruses, trojans, Windows application exploits, Windows rootkits)

but there are a lot of Linux rootkits around
a rootkit scans an IP address or an IP range looking for some defined open ports (associated with known process security holes)[/quote]

Actually, what you describe is a worm. A rootkit is a set of utilities, typically kernel-level enhancements, that try to hide anomalous activity: for instance, hide network connections as seen with netstat, processes as seen by ps; it sometimes adds an ICMP backdoor etc.

roger_girardin
04-29-2004, 12:37 PM
@xaoz
thanks for the help

as you can find over 70 000 Windows malwares
as you can find up to 70 Linux malwares, Linux is a natural protection

the currently best-known rootkits are like you have defined
but this is just one kind of rootkit

a rootkit is a tool which will give root access on a target comp
as there are many ways to try to do it, all tools attempting to do it are called rootkits

when I look at the Debian router box's firewall log, I can see the attacks

it's very interesting too

regards