LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
Old 04-08-2009, 12:38 PM   #1
~zoey~
Member
 
Registered: Aug 2004
Location: South Dakota
Distribution: ubuntu & PCLOS
Posts: 119

Rep: Reputation: 15
Can't stop Echo Requests With Firestarter


I'm running Ubuntu Intrepid.
Shields Up shows port 22 as open and vulnerable. I have Firestarter ICMP Filtering set for NO response to echo requests (no ping or pong), but port 22 responds to Shields Up pings anyway. Is there a way to stealth port 22? I can figure out Firestarter better than other Linux Firewall guis, but it won't do what I want it to. I tried gufw and couldn't figure out how to manage it.

Thanks, zoey
 
Old 04-08-2009, 12:42 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Well, IS port 22 open? That's ssh, if you're not aware. And an echo request IS ping (icmp type echo request) and won't relate to tcp sockets.
 
Old 04-08-2009, 01:00 PM   #3
~zoey~
Member
 
Original Poster
Quote:
Originally Posted by acid_kewpie View Post
Well, IS port 22 open? That's ssh, if you're not aware. And an echo request IS ping (icmp type echo request) and won't relate to tcp sockets.
Yes, I did know that port 22 is ssh and it is the only port that Shields Up sees because it answers the ping even though Firestarter is set not to respond to any pings. LS ping gets me a cute little choo choo train that goes across and disappears without telling me anything in the terminal.

Thanks, zoey
 
Old 04-08-2009, 01:39 PM   #4
acid_kewpie
Moderator
 
A tcp port can not respond to a ping, it's a different protocol. There are things which may be seen to perform a similar function, e.g. attempting a tcp half open, but not a ping. Can you clarify exactly what is happening and whether we are trying to address a tcp or icmp problem?

again though, IS ssh open?? If you're not sure, run "iptables -L -n -v" and show us the actual config firestarter has provided for you.
 
Old 04-08-2009, 01:50 PM   #5
~zoey~
Member
 
Original Poster
I may be concerned about nothing; I don't know enough to know whether it is a problem that I have Firestarter set to not respond to pings, but port 22 still does. Here is the output for iptables -L -n -v:
margo@margo-desktop:~$ sudo iptables -L -n -v
[sudo] password for margo:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 24.220.0.10 0.0.0.0/0 tcp flags:!0x17/0x02
200 27761 ACCEPT udp -- * * 24.220.0.10 0.0.0.0/0
0 0 ACCEPT tcp -- * * 24.220.0.11 0.0.0.0/0 tcp flags:!0x17/0x02
0 0 ACCEPT udp -- * * 24.220.0.11 0.0.0.0/0
1294 62308 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
174 19023 DROP all -- * * 0.0.0.0/0 192.168.0.255
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
43188 61M INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.11 24.220.0.10 tcp dpt:53
200 12921 ACCEPT udp -- * * 192.168.0.11 24.220.0.10 udp dpt:53
0 0 ACCEPT tcp -- * * 192.168.0.11 24.220.0.11 tcp dpt:53
0 0 ACCEPT udp -- * * 192.168.0.11 24.220.0.11 udp dpt:53
1294 62308 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
2 124 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
57 2280 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
31314 2103K OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'

Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
43182 61M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 1968 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LSI all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination

Chain LSI (4 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
30944 2085K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
370 18022 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
margo@margo-desktop:~$
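To see what the listing above actually does with the two kinds of traffic the thread keeps mixing up, here is a small evaluator, added for this page and not from the thread or from Firestarter, that parses `iptables -L -n -v` output and walks a packet through the chains the way the kernel would. It assumes a constructed excerpt of the listing (only the rules an echo request or a new SYN to port 22 arriving on eth0 can reach) and handles only the match types that excerpt uses.

```python
import re
# Constructed excerpt of `iptables -L -n -v`: the rules from the listing above that an inbound ICMP echo request or a new TCP SYN to port 22 on eth0 can reach.
LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
 0 0 INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain INBOUND (1 references)
 pkts bytes target prot opt in out source destination
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 0 0 LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSI (4 references)
 pkts bytes target prot opt in out source destination
 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end evaluation; LOG is non-terminating

def parse(listing):  # -> {chain name: [policy or None, [rule dicts]]}
    chains, cur = {}, None
    for f in (line.split() for line in listing.splitlines()):
        if f and f[0] == "Chain":
            pol = re.search(r"policy (\w+)", " ".join(f))
            cur = chains.setdefault(f[1], [pol.group(1) if pol else None, []])
        elif f and f[0] != "pkts":  # columns: pkts bytes target prot opt in out source destination [matches]
            cur[1].append({"target": f[2], "prot": f[3], "in": f[5], "extra": " ".join(f[9:])})
    return chains
def matches(rule, pkt):  # only the match types the excerpt uses: proto, in-iface, icmp type, state, SYN-only
    if rule["prot"] not in ("all", pkt["prot"]) or rule["in"] not in ("*", pkt["in"]):
        return False
    t = re.search(r"icmp type (\d+)", rule["extra"])
    s = re.search(r"state (\S+)", rule["extra"])
    if (t and pkt.get("icmp_type") != int(t.group(1))) or (s and pkt.get("state") not in s.group(1).split(",")):
        return False
    return not ("flags:0x17/0x02" in rule["extra"] and not pkt.get("syn"))  # 0x17/0x02 = SYN set, ACK/FIN/RST clear
def verdict(chains, pkt, chain="INPUT"):  # walk a chain as the kernel does; a user chain that ends returns to the caller
    policy, rules = chains[chain]
    for r in (r for r in rules if matches(r, pkt)):
        if r["target"] in TERMINAL:
            return f'{r["target"]} in {chain}'
        if r["target"] in chains and (v := verdict(chains, pkt, r["target"])):
            return v
    return f"{policy} (policy of {chain})" if policy else None  # built-in chains end with their policy
CHAINS = parse(LISTING)
PING = {"prot": "icmp", "in": "eth0", "icmp_type": 8}  # an echo request of the kind Shields Up sends
SSH_SYN = {"prot": "tcp", "in": "eth0", "dport": 22, "state": "NEW", "syn": True}  # first packet of a new SSH connection
print("echo request on eth0:", verdict(CHAINS, PING))  # DROP in LSI
print("new SYN to port 22 on eth0:", verdict(CHAINS, SSH_SYN))  # DROP in LSI
```

Both packets end in the LSI chain's DROP rules on this host, which is why a scanner that still gets an echo reply is worth checking against whatever sits in front of the PC rather than against these rules.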
 
Old 04-08-2009, 02:36 PM   #6
acid_kewpie
Moderator
 
Well, there's no default deny, so unless I'm missing something all tcp connections coming in will be permitted outside of any rules there. So... IS SSH RUNNING? DOES SSH WORK?

Again, you can not "ping" port 22, we need to stop using incorrect language.
 
Old 04-08-2009, 02:54 PM   #7
~zoey~
Member
 
Original Poster
OK, here's the deal; you are posting to a 71 year old lady who discovered computers about 6 years ago and Linux about a year after that, so not only do I not always understand the answers that I get to my inquiries, I don't even understand the questions sometimes, but I am having a lot of fun just the same. I would never make it without all of the very helpful people on forums and the linux articles on the net. I don't know enough to use correct linux language but I learn more all the time. I would assume that I'm running ssh because it is installed and Shields Up 'sees' port 22 (is that correct?). All I know about ssh is that it seems to have something to do with passwords. ....I can hear you groaning from here : ).

Thanks, zoey
 
Old 04-08-2009, 03:34 PM   #8
acid_kewpie
Moderator
 
OK, well what is your internet architecture you're running there? This laptop is directly connected to the net? Not behind an adsl router or anything? Whilst to be honest I'm a little grey as to how iptables is meant to be handling new tcp connections in general, if you don't want to use ssh, just turn off the service.
 
Old 04-08-2009, 03:53 PM   #9
~zoey~
Member
 
Original Poster
Quote:
Originally Posted by acid_kewpie View Post
OK, well what is your internet architecture you're running there? This laptop is directly connected to the net? Not behind an adsl router or anything? Whilst to be honest I'm a little grey as to how iptables is meant to be handling new tcp connections in general, if you don't want to use ssh, just turn off the service.
This is a PC connected to a broadband cable that runs through a router that also has a wireless function. I don't know whether or not I want to use ssh because I don't understand exactly what it does, nor do I know how to turn it off. I think that I am in so far over my head that I should probably just leave things as they are and hope for the best!

Thanks, zoey
 
Old 04-08-2009, 03:56 PM   #10
acid_kewpie
Moderator
 
Turn off SSH.... System, Administration, Services, unlock, untick Remote Shell Services. SSH is a way to log into the box and get a terminal on it from a remote machine. Like remote desktop on windows, but command line only.
 
Old 04-08-2009, 04:06 PM   #11
~zoey~
Member
 
Original Poster
Quote:
Originally Posted by acid_kewpie View Post
Turn off SSH.... System, Administration, Services, unlock, untick Remote Shell Services. SSH is a way to log into the box and get a terminal on it from a remote machine. Like remote desktop on windows, but command line only.
Thank You Very Much,

zoey
 
All times are GMT -5.