Q: I have checked my ports with Gibson Research Corporation (GRC) ShieldsUP, and I found the ports arranged like this:
Simple Mail Transfer Protocol port 25 => opened
http port 80 => opened
https port 443 => opened
domain port 54 => opened
microsoft-ds port 445 => stealth
ssh port 22 => opened
TINC port 655 => opened
asipregistry port 687 => opened
FTP port 21 => opened
and the rest is closed.
So I wonder if that's OK regarding ports changing?
Also, I want to ask about Whonix-Gateway, which gave 2 nutty color messages in arm:
Events (TOR/ARM NOTICE - ERR):
21:50:55 [WARN] socks version 71 not recognized. (Tor is not an http proxy.) [3 duplicate hidden]
21:33:00 [WARN] Received http status code 404 (“Not found”) from server ‘146.0.42.110:22’ while fetching “/tor/keys/fb/27B6B5996C426270A5C95488AA5BCEB6BCC86956”
Is everything OK regarding the above actions? (Because I don't feel so.)
Note:
1- I'm running Whonix with the tester repository
2- The time of Whonix does not match the time of Windows (host OS) even if I run timesync
Thanks
[s]What are these notifications trying to say?
Workstation notifications
1- AppArmor Message
Profile: /usr/bin/sdwdate
Operation:mkdir
Name: /var/cache/sdwdate/sclockadj/.ruby_inline/
Denied: c
Logfile: /var/log/kern.log
for more information please see:
https://wiki.ubuntu.com/debuggingapparmor
2- AppArmor Message
Profile: /usr/bin/sdwdate
Operation:exec
Name: /usr/lib/sdwdate/sclockadj_debug_helper
Denied: x
Logfile: /var/log/kern.log
for more information please see:
https://wiki.ubuntu.com/debuggingapparmor
3-AppArmor Message
Profile: /usr/bin/xchat
Operation:mknod
Name: /home/user/.aspell.en.prepl
Denied: c
Logfile: /var/log/kern.log
for more information please see:
https://wiki.ubuntu.com/debuggingapparmor
[/s]
^^^^ The answer to this one was found here
A port scan inside Whonix-Workstation (example: GRC) is of very little use. It won’t check Whonix-Workstation, but the Tor exit you are currently using. Open ports could be open ports of Tor exits.
AppArmor:
It tries to do stuff which is forbidden by the AppArmor profiles. Those will be fixed when we update the profiles. No need to report them here again, since you already did in the other thread.
Arm:
And there is good news and bad news. The good news is, those messages are mostly harmless. Usual bugs. The bad news is, there is absolutely no way to detect a skilled attacker that managed to break into a system. Maybe there is, but it is super difficult. Certainly not possible with point and click tools. Forget about antivirus etc.
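The AppArmor notifications quoted in the question can be triaged mechanically. The following is an added example, not part of the original thread and not Whonix project code: it parses the notifier text as posted, groups the denials by confined profile and spells out the one-letter denied masks. The function names and the mask table are this example's own; the sample input is copied from the question.

```python
import re
from collections import defaultdict

# Meaning of the one-letter AppArmor denied-mask codes.
MASKS = {"r": "read", "w": "write", "a": "append", "c": "create", "d": "delete",
         "x": "execute", "k": "lock", "l": "link", "m": "mmap-exec"}
REQUIRED = ("profile", "operation", "name", "denied")
FIELD = re.compile(r"^(Profile|Operation|Name|Denied):\s*(.*)$")

# The three notifications from the question (Logfile/URL lines left out).
SAMPLE = """\
1- AppArmor Message
Profile: /usr/bin/sdwdate
Operation:mkdir
Name: /var/cache/sdwdate/sclockadj/.ruby_inline/
Denied: c
2- AppArmor Message
Profile: /usr/bin/sdwdate
Operation:exec
Name: /usr/lib/sdwdate/sclockadj_debug_helper
Denied: x
3-AppArmor Message
Profile: /usr/bin/xchat
Operation:mknod
Name: /home/user/.aspell.en.prepl
Denied: c
"""

def parse_notifications(text):
    """Return one dict per 'AppArmor Message' block that has all fields."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if "AppArmor Message" in line:      # start of a new notification
            current = {}
            events.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).lower()] = m.group(2).strip()
    return [e for e in events if all(k in e for k in REQUIRED)]

def summarize(events):
    """Group denials by profile as (operation, decoded access, path)."""
    by_profile = defaultdict(list)
    for e in events:
        access = "+".join(MASKS.get(ch, "?" + ch) for ch in e["denied"])
        by_profile[e["profile"]].append((e["operation"], access, e["name"]))
    return dict(by_profile)

if __name__ == "__main__":
    print(summarize(parse_notifications(SAMPLE)))
```

Grouped this way, the output shows two denials against the sdwdate profile (a directory create and a helper exec) and one file create against the xchat profile, which is the per-profile view a profile maintainer needs.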
Yep, very true. Using scanners and getting the exploits of any program (Java, Flash Player, etc.), and you know many of us should click on a link one way or another, then you are doomed with that click. And there are many skills for wiping the fingerprints of the hackers, which, as you said, makes it very difficult to know if you have been compromised or not.
(I have modified the above article to fit the answers and avoid repeats.)