Linux Port Scanning

Listing your open ports and firewall configuration with netstat and
iptables is a good start for staying on top of unwanted traffic, but
you may want to go a step further with Nmap (Network Mapper), a program
that scans all of the ports on a machine or network of machines, looking
for potential vulnerabilities. Nmap gives you a view from the outside and
eliminates guessing which ports are open. Most intruders use Nmap, and
you can get it at http://www.insecure.org/.

Warning: If someone else controls the network that you want to Nmap or
run Nmap from, ask that person if it's all right that you do so. Network
administrators watch for port scans and delight in stomping on any machine
that runs a scan.


Just run nmap host to run a generic scan on a host. Here's an example scan:

Starting nmap 3.30 http://www.insecure.org/nmap at 2003-08-04 16:25 PDT
Interesting ports on host (10.1.2.2):
The 1636 ports scanned but not shown below are in state: closed
Port       State       Service
9/tcp      open        discard
13/tcp     open        daytime
22/tcp     open        ssh
37/tcp     open        time
111/tcp    open        sunrpc
113/tcp    open        auth
6000/tcp   open        X11

Nmap run completed -- 1 IP address 1 host up scanned in 0.594 seconds

The host in this example probably doesn't have any kind of firewall running,
because it has quite a few open ports.

Nmap can do much more — have a look at its manual page and the considerable online resources.
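
One way to turn a scan like the one above into a repeatable check (an added example, not part of the original text): parse the port table and compare it with the ports you intend to expose. The names parse_ports, audit and EXPECTED_OPEN are hypothetical, and the "SSH only" policy is an assumption made for the example.

```python
import re

# Sample input: the scan output shown above, copied from the page.
SAMPLE_SCAN = """\
Starting nmap 3.30 http://www.insecure.org/nmap at 2003-08-04 16:25 PDT
Interesting ports on host (10.1.2.2):
The 1636 ports scanned but not shown below are in state: closed
Port       State       Service
9/tcp      open        discard
13/tcp     open        daytime
22/tcp     open        ssh
37/tcp     open        time
111/tcp    open        sunrpc
113/tcp    open        auth
6000/tcp   open        X11

Nmap run completed -- 1 IP address 1 host up scanned in 0.594 seconds
"""

# Assumption for this example: only SSH is meant to be reachable from outside.
EXPECTED_OPEN = {(22, "tcp")}

# A port-table row looks like "22/tcp   open   ssh"; header and banner lines do not match.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(scan_text):
    """Return [(port, proto, state, service)] for each port-table row."""
    rows = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def audit(scan_text, expected=EXPECTED_OPEN):
    """Return (unexpected open ports, expected ports not found open)."""
    open_ports = {(p, proto): svc for p, proto, state, svc in parse_ports(scan_text)
                  if state == "open"}
    unexpected = sorted((p, proto, svc) for (p, proto), svc in open_ports.items()
                        if (p, proto) not in expected)
    missing = sorted(expected - set(open_ports))
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN)
    for port, proto, svc in unexpected:
        print(f"unexpected open port: {port}/{proto} ({svc})")
    for port, proto in missing:
        print(f"expected but not open: {port}/{proto}")
```

Each unexpected entry is a service to shut down or block with iptables; rerunning the scan afterward confirms the change from the outside.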

Security Resources
Here are three good security sites:

http://www.sans.org/ Offers training, services, a free weekly newsletter
of the top current vulnerabilities, sample security policies, and more.

http://www.cert.org/ A place to look for the most severe problems.

http://www.insecure.org/ This is the place to go for Nmap and pointers
to all sorts of network exploit testing tools. It's much more open and
specific about exploits than many other sites.