Xportscan.pup & hosts_file.pup
klhrevolutionist


Joined: 08 Jun 2005
Posts: 1124

PostPosted: Sat 15 Oct 2005, 02:26    Post subject:  Xportscan.pup & hosts_file.pup  

XPortScan is a multi-threaded, cross-platform, GUI port scanner. It is modular so that new features are easy to integrate, and even completely changing the GUI is easy.

This registers with pupget & adds icon to menu

_________________
Heaven is on the way, until then let's get the truth out!
klhrevolutionist


Joined: 08 Jun 2005
Posts: 1124

PostPosted: Tue 18 Oct 2005, 01:07    Post subject: hosts.pup updated 11-03  

**Updated 11-03-05** This is the most up to date hosts file on the web.


"What it does ...
The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Linux/Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? ... because in most cases "Ad Servers" like Doubleclick will open a separate connection on the webpage you are viewing.


Last edited by klhrevolutionist on Fri 04 Nov 2005, 00:37; edited 3 times in total
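A check worth running before installing any third-party hosts file such as the one offered above, as an added example (not part of the original post or the .pup package): it confirms that entries only point names at the local machine and flags any line that maps a hostname to some other address. The sample hosts text and the `audit_hosts` name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts-format blocklist before copying it to /etc/hosts.
# A blocking entry points a name at the local machine (127.x.x.x, 0.0.0.0, ::1).
# Any other address is not a block: it silently redirects that name elsewhere.

# Constructed sample input (not the contents of hosts_file.pup).
SAMPLE_HOSTS='127.0.0.1   localhost
# ad servers
127.0.0.1   ad.doubleclick.net        # entry quoted in the post
0.0.0.0     ads.example.com tracker.example.com
203.0.113.7 www.example-bank.test     # remaps a name to a foreign host'

# audit_hosts: read hosts-format text on stdin.
# Prints "REMAP <ip> <name>" for every non-sinkhole mapping, then
# "SINKHOLED <count>" with the number of blocked names.
audit_hosts() {
    awk '
        { sub(/#.*/, "") }               # drop comments, full-line or trailing
        NF < 2 { next }                  # blank line or address with no name
        {
            ip = $1
            sink = (ip ~ /^127\./ || ip == "0.0.0.0" || ip == "::1")
            for (i = 2; i <= NF; i++) {  # one line may carry several names
                if (!sink)
                    print "REMAP", ip, $i
                else if ($i != "localhost")
                    blocked++
            }
        }
        END { print "SINKHOLED", blocked + 0 }
    '
}

# Demo on the constructed sample; for a real file: audit_hosts < ./hosts
printf '%s\n' "$SAMPLE_HOSTS" | audit_hosts
```
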
puppian


Joined: 18 Jul 2005
Posts: 538
Location: PuppyLand

PostPosted: Thu 20 Oct 2005, 13:25    Post subject: Re: Xportscan.pup & hosts_file.pup  

klhrevolutionist wrote:
XPortScan is a multi-threaded, cross-platform, GUI port scanner. It is modular so that new features are easy to integrate, and even completely changing the GUI is easy.

This registers with pupget & adds icon to menu

Hey thanks!
To use it I don't need to configure anything and simply click 'scan' when I'm online, right?

It reported that port 6000 is opened (puppy103, Morizot firewall), a search from the web tells me that the port is used by X-server and something can be done to close it. Do I need to do that in Puppy?

_________________
Puppylinux.org - Community home page of Puppy Linux hosted by Barry (creator of Puppy), created and maintained by the Puppy Linux Foundation since 2005
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Thu 20 Oct 2005, 18:59    Post subject:  

you can put the -nolisten TCP option in X options ... either using the video wizard, or edit the file /etc/xextraoptions
puppian


Joined: 18 Jul 2005
Posts: 538
Location: PuppyLand

PostPosted: Wed 26 Oct 2005, 07:25    Post subject:  

GuestToo wrote:
you can put the -nolisten TCP option in X options ... either using the video wizard, or edit the file /etc/xextraoptions

That works! Thanks

One more thing, after I press scan, ports like 80, 8080, etc are not shown, is it normal? Or do I need to enter something in the "Host/IP" field (the default is "127.0.0.1")?

Bruce B

Joined: 18 May 2005
Posts: 11488
Location: The Peoples Republic of California

PostPosted: Wed 26 Oct 2005, 08:08    Post subject:  

Thanks!

The hosts file 127.0.0.1 ad.badserver.net routine does a really good job of blocking outbound connections to ad.badserver.net

There isn't any problem with using the hosts file to clean up your surfing in terms of actually blocking. I use it extensively.

There is, however, a problem I wish to explain in some detail. Your web browser (or any application for that matter) will actually go to 127.0.0.1 looking for whatever it was told by the browser to get from ad.badserver.net

In the vast majority of cases it goes to port 80, the problem is, if there is nothing running at 127.0.0.1:80, the web browser keeps trying until it times out. It eventually reports back with an error message of 500 or something close to that. This can slow the browsing down because the timeout can delay the page loading as the browser attempts to get a non-existent object.

One solution to get rid of these delays is to actually run a web server at 127.0.0.1:80, when the browser requests an object, the local web server will look for the requested object and return a very fast 404 or 403, and the browser doesn't wait to get objects it won't be able to get.

In order to work around this problem myself, I downloaded a more recent version of Busybox with a little http daemon built in to handle the requests the hosts file routes to it. I renamed it to something like bbox to avoid any potential naming confusions and ran the server.

I think a better solution would be to run a little daemon that is designed specifically for these requests. There is one written in Java for multi-platforms called eDexter. Basically, what it does is reply with an error code of 200 and a 1x1 clear gif image to put in place of the advertisement or whatever the object may be.

I've used the Windows version and I think the world of it. I haven't used multi-platform .jar version

If anyone is interested check it out at www.pyrenean.com
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Wed 26 Oct 2005, 20:42    Post subject:  

Quote:
after I press scan, ports like 80, 8080, etc are not shown, is it normal?


i have not tried xPortScan, but i think it is scanning for open ports

i think an open port means that a program or service (like a web or ftp server or a telnet or ssh daemon) is listening for incoming connections and will respond to incoming requests

so if you have a web server, like Puppy's nullhttpd, or Monkey or Apache, running and listening for connections on port 80, xPortScan should detect that port 80 is open

if you click on a link in your web browser (Mozilla or Firefox or Opera or Dillo), your computer is sending an outgoing request ... a response to the request would be a reply to the outgoing request, it would not be incoming traffic

so normally, using a web browser or an email program would not open a port to incoming traffic ... there might be traffic and connections on port 80, but it will not be incoming traffic and connections, it will be outgoing traffic and replies to outgoing traffic

running a server will open ports for incoming connections and traffic ... incoming traffic occurs when another computer tries to connect to your computer and asks your computer for something, like a web page or a file

the Morizot firewall is setup by default to refuse all incoming traffic and to allow all outgoing traffic and to allow any replies to outgoing traffic
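The distinction drawn in the post above, between a port a program is listening on and a port used by an outgoing connection, can be read from the kernel's socket table, as an added example (not part of the original thread): only sockets in state `0A` (LISTEN) accept incoming connections. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host such as x86.

```shell
#!/bin/sh
# Added example: list listening TCP sockets from text in /proc/net/tcp format.

# Constructed sample: X server on 6000 (all interfaces), a loopback-only
# service on 631, and a browser's outgoing connection to 192.0.2.80:80.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350
   2: 0A01A8C0:8124 500200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1422'

# hex_to_ip: decode the byte-reversed hex IPv4 form (0100007F -> 127.0.0.1).
hex_to_ip() {
    hx_b1=${1%??????}                    # characters 1-2 (last octet)
    hx_t=${1#??};    hx_b2=${hx_t%????}  # characters 3-4
    hx_t=${hx_t#??}; hx_b3=${hx_t%??}    # characters 5-6
    hx_b4=${hx_t#??}                     # characters 7-8 (first octet)
    printf '%d.%d.%d.%d' "0x$hx_b4" "0x$hx_b3" "0x$hx_b2" "0x$hx_b1"
}

# listening_sockets: stdin is /proc/net/tcp text; prints "ip:port exposure"
# for each socket in state 0A (LISTEN). The header row and connections in
# other states (01 = ESTABLISHED, e.g. a browser talking to port 80) are skipped.
listening_sockets() {
    while read -r ls_sl ls_local ls_remote ls_state ls_rest; do
        if [ "$ls_state" = "0A" ]; then
            ls_ip=$(hex_to_ip "${ls_local%:*}")
            ls_hexport=${ls_local#*:}
            ls_port=$((0x$ls_hexport))
            case $ls_ip in
                127.*)   ls_exposure=loopback-only ;;
                0.0.0.0) ls_exposure=all-interfaces ;;
                *)       ls_exposure=single-interface ;;
            esac
            printf '%s:%s %s\n' "$ls_ip" "$ls_port" "$ls_exposure"
        fi
    done
}

# Demo on the sample; on a live system: listening_sockets < /proc/net/tcp
printf '%s\n' "$SAMPLE_PROC_NET_TCP" | listening_sockets
```
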
goncal

Joined: 09 Oct 2005
Posts: 71
Location: Girona, Spain

PostPosted: Thu 27 Oct 2005, 13:32    Post subject:  

Hi GuestToo,

This would actually mean that whatever on earth you do, if you are running Morizot and do not have any daemon actually listening to ports, then you are 100% safe all of the time. Is that correct?

I guess that if you run PortScan, always using your Puppy computer's local IP (192.168.whatever) and it finds absolutely nothing open on your Puppy computer then it means there is no daemon loaded.

I have never tried PortScanning my computer as the small Puppy FTP server was running but I will do it. What I do know is that if I have Morizot running, this actually prevents a Windows PC on the network (running XP by the way) to access the Puppy computer. To get over that problem I disabled Morizot as my router is supposed to be a firewall (and its firewall settings are now set to 'high' all of the time), ran the file transfer between the computers, and then re-enabled Morizot. Of course as I was doing this no one else was using the Puppy computer to get on the Net.

To really overcome this problem, if I configure Morizot to let the outside world have a look at port 21 on the Puppy computer (well, outside-inside world as I still have the router's firewall between me and the dangerous outside world), would that mean I could not stealth that port at all with Morizot?

Cheers

Gonçal
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Thu 27 Oct 2005, 20:11    Post subject:  

i am not a security expert ...

if you have no programs listening for incoming connections, then other computers can't connect to your computer

if you have incoming traffic and connections blocked by a firewall, other computers can't connect to you

if you have any ports open for outgoing traffic and connections, then your computer can connect to other computers ... for example, you could click a link or select a bookmark in your web browser (Mozilla, Firefox, Opera, Dillo)

you can browse the internet and send and receive email without having any incoming ports open

having no open incoming ports does not mean you are 100% safe

you could download a virus or a rootkit from a web page and run it

you could run an email attachment that is a virus or rootkit

you could run a malicious program that could connect to another computer anywhere ... many programs can setup connections in passive mode, that just needs an outgoing port, like port 80 ... for example, dijjer, i think skype can do this

i think you are more or less safe from incoming connections if you have a router with a firewall anyway

i have a copy of the firewall in /etc/rc.d/ in my-applications/bin, renamed fw, so i can type fw to start the firewall and i can type fw stop to stop the firewall ... i have another copy of the firewall configured with ports open for bit torrent, called fw-azureus ... i put these lines in my script that starts Azureus (bit torrent client)
fw stop
fw-azureus


so when i run Azureus, it automatically opens the bit torrent ports (i probably don't really need the fw stop instruction)

if you allow port 21 in the firewall, but you have no program listening on port 21 (like an ftp server), i think a port scan should show that port 21 is not open ... i'm not sure if the port would be "stealthed" or not
Bruce B

Joined: 18 May 2005
Posts: 11488
Location: The Peoples Republic of California

PostPosted: Thu 27 Oct 2005, 21:24    Post subject:  

> you can browse the internet and send and receive email without having any incoming ports open

That's true, it's not that anything you said is wrong. I'd just like readers to understand more by elaborating some.

The basic principle is that all data of this type travels in and out of ports.

In example: The email client will open up an available port and send information to a remote computer, usually on port 110 (POP) it transmits various information like username, password and a request to download the email.

The mail server responds and another port on your computer gets opened up to accept the inbound data.

The email client retrieves the data and when finished that port closes. The first outbound port probably closed shortly after it finished sending the request.

The firewall monitoring all your ports is likely aware of the opening of the inbound port, but allows it to pass because the return data is expected as the request for it originated from your computer.

So for a short while ports are opened and two computers communicate and transmit data between each other via their application software. This is a safe data exchange to the extent that the application software is well written and trustworthy.

----------------

In this example, everything is good, but maybe not so. Your ISP served you well by giving you all your email. That is what you requested it to do. Maybe a trusted friend unknowingly sent you a virus infected screen saver and you run it.

When the trojan program runs, it may do basically the same thing as the email client meaning transmit and receives remote data.

A firewall that is only designed to monitor inbound connections will not catch the malicious program.

For this reason it has become more important for firewall software to also monitor, log and offer control over unwanted outbound connections.

(Windows XP comes with a built in firewall, but it doesn't monitor or control outbound connections. It should not take much intelligence to figure out why it doesn't. So I will not explain.)

I don't know of any of our Linux firewalls that monitor and control outbound connections. If anyone does, I'd sure appreciate your sharing this knowledge with me.

In any event there aren't many trojan, virus or destructive programs written to exploit the Linux user.

------------------

Changing subject just a little bit. I don't think Linux users should suffer the illusion that W32 compiled .exe viruses and malware won't run on Linux.

For wine users, all it should take to run one is:

wine ./filename (.exe extension not needed)

I'm not so sure, maybe the ./ isn't needed with wine


------------------

There is potential for problems, but I don't see anything going on with Puppy, which I feel warrants posting. With one exception. The exception is the P2P Dot pups, I think if a person wants P2P, they might want to educate themselves on the particular client / server before opting in.

For the privacy minded, there is Macromedia and RealPlayer to consider.

-------

Whatever you do - don't worry be happy
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Thu 27 Oct 2005, 23:10    Post subject:  

i am not a security expert, so elaborations are useful and welcome

Quote:
I don't know of any of our Linux firewalls that monitor and control outbound connections


the firewall Puppy (and a lot of Linux distros) use is iptables ... the Morizot firewall is just a bash script that sets up the rules that the iptables firewall uses ... there are many scripts to setup firewall rules, but many of them are intended for complicated networks ... Quicktables (on my dotpups page) would probably be good enough for most users of Puppy ... the Morizot script was configured as a simple firewall for a standalone machine

i think iptables can block any outgoing ports you like ... for example, i think you can block all outgoing ports except for port 80, and you could use your browser on port 80, and all the other ports would be closed (of course, you would need a few more outgoing ports open, like DNS requests etc etc)

i don't know if iptables can block/allow packets to/from specific programs or not ... ps can tell you what ports specific programs are using
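A default-deny outbound policy of the kind discussed above, as an added example (not the Morizot or Quicktables script): loopback, replies, DNS and a short list of web ports are allowed, and everything else is logged and rejected. `ALLOWED_TCP_PORTS` and `BROWSER_UID` are illustrative names; when `BROWSER_UID` is set, the rules use the iptables `owner` match, which filters by the user that owns the socket rather than by program.

```shell
#!/bin/sh
# Added example: default-deny egress rules for the iptables OUTPUT chain.
ALLOWED_TCP_PORTS=${ALLOWED_TCP_PORTS:-"80 443"}  # assumed list, adjust to taste
BROWSER_UID=${BROWSER_UID:-}                      # optional: uid allowed to browse

# rule: print one iptables argument list as a single line.
rule() { printf '%s\n' "$*"; }

# egress_rules: print the rule set, one iptables argument list per line.
# Order matters: the DROP policy comes last, so a failure part-way through
# leaves the chain open rather than cutting the machine off.
egress_rules() {
    rule -F OUTPUT
    rule -A OUTPUT -o lo -j ACCEPT
    rule -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A OUTPUT -p udp --dport 53 -j ACCEPT      # DNS lookups
    rule -A OUTPUT -p tcp --dport 53 -j ACCEPT
    er_owner=""
    if [ -n "$BROWSER_UID" ]; then
        er_owner="-m owner --uid-owner $BROWSER_UID"
    fi
    for er_port in $ALLOWED_TCP_PORTS; do
        # $er_owner is unquoted on purpose: empty means no owner restriction.
        rule -A OUTPUT -p tcp --dport "$er_port" $er_owner \
             -m conntrack --ctstate NEW -j ACCEPT
    done
    # Anything else (ping, NTP, an unexpected program calling out) is logged
    # to the kernel log with a searchable prefix, then refused.
    rule -A OUTPUT -j LOG --log-prefix egress-denied:
    rule -A OUTPUT -j REJECT
    rule -P OUTPUT DROP
}

# apply_egress_policy: feed each line to iptables (needs root).
apply_egress_policy() {
    egress_rules | while read -r ap_rule; do
        # Unquoted on purpose: each line is split into iptables arguments.
        iptables $ap_rule || exit 1
    done
}

# Dry run by default (prints the rules); pass "apply" as root to load them.
if [ "${1:-}" = "apply" ]; then
    apply_egress_policy
else
    egress_rules
fi
```
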
GuestToo
Puppy Master

Joined: 04 May 2005
Posts: 4078

PostPosted: Thu 27 Oct 2005, 23:15    Post subject:  

one thing i noticed about RealPlayer, is after i finish watching RealPlayer encoded movies when running Windows (the movie is a file on my hard drive, like an avi file), RealPlayer would try to connect to Microsoft ... maybe it was just looking for updated codecs, maybe
puppian


Joined: 18 Jul 2005
Posts: 538
Location: PuppyLand

PostPosted: Fri 28 Oct 2005, 14:42    Post subject:  

GuestToo wrote:
i have not tried xPortScan, but i think it is scanning for open ports.....

Thanks
Now I understand ... I was always confused by the terms "incoming", "outgoing", "listening"... what a noobie

klhrevolutionist


Joined: 08 Jun 2005
Posts: 1124

PostPosted: Fri 28 Oct 2005, 14:54    Post subject: here ye!  

I am trying to make an xnmap dotpup.
It is more detailed and better than xportscan.
Wish I would've known that before

Bruce B

Joined: 18 May 2005
Posts: 11488
Location: The Peoples Republic of California

PostPosted: Fri 28 Oct 2005, 17:06    Post subject:  

>> i don't know if iptables can block/allow packets to/from specific programs or not ... ps can tell you what ports specific programs are using

I think typically the client looks for an available port starting about port 1024 and taking what's available. It is dynamic and won't necessarily use the same exact port each time.

Also browsers when running many threads open many ports to conduct business. And if well written it closes the ports quickly. Not for security purposes but it is just good practice to close the doors.

This is just the way things work, there is no security problem I'm aware of or have ever read about. These clients are not serving as daemons and aren't written to handle incoming requests on those ports.