ubuntu-phone team mailing list archive
Mailing list archive
Re: Is ubuntu phone resistant to vault 7 attacks?
El día Saturday, March 11, 2017 a las 11:52:22AM +0100, Oliver Grawert escribió:
> > > > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
> > > > tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
> > > > tcp6 0 0 :::22 :::* LISTEN
> > > >
> > > >
> > > > That's why I requested some kind of firewall
> > rules to limit access to such ports based on source IP addr, for
> > example.
> just limit the client ip range in the sshd conf ...
This is in a read only file system.
> as others mentioned the only port that is open by default for an end-
> user is port 53 listening to requests coming from localhost. given that
> all other ports are closed a firewall gains you exactly nothing except
> complexity and the danger that you mess up configuring it ...
ofc, this should have a default config (all prohibited) and only experts
would open what the think to need;
> while the phone is mostly used by developers, the focus of the system
> also ... why would you keep ssh running when not actively developing ?
> it is surely nothing you should keep constantly running while not using
> the phone in development mode if you are seriously concerned about your
> device security.
> these are developer options you should be using while developing,
> nothing the system enables by default.
because I do any transports of file (pictures, downloads, ...) via SSH;
Matthias Apitz, ✉ guru@xxxxxxxxxxx, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045