LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-09-2003, 04:54 PM   #1
Paul_assheton
Member
 
Registered: Nov 2000
Location: Ware (Nr London, England
Posts: 114

Rep: Reputation: 15
IPtables open ports


Hi there,

I run a RH7.3 server to act as a NAT and firewall for my cable modem. I recently popped to the grc.com site to test my firewall (I do this occasional as the probes are constantly being improved). I ran the new test there that test all the first 1056 ports. To my horror some where not stealthed and one was open!

I run Firestarter to generate my ruleset. I have read Iptables howtos and cannot make head nor tail of them! I got rid of most of the problem's but there are still several closed but not stealthed ports on my system. I will include the output from the grc portscanner at the end of this message. I have found Firestarter to be an easy to use program. Can anyone advise me on an equally easy to use system or how to close these holes. I want to be completely stealthed on the net.

Thank you

Paul


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2003-10-09 at 20:42:39

Results from scan of ports: 0-1055

0 Ports Open
34 Ports Closed
1022 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 67, 68, 1024, 1025, 1026, 1027,
1028, 1029, 1030, 1031, 1032,
1033, 1034, 1035, 1036, 1037,
1038, 1039, 1040, 1041, 1042,
1043, 1044, 1045, 1046, 1047,
1048, 1049, 1050, 1051, 1052,
1053, 1054, 1055

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------
 
Old 10-09-2003, 10:04 PM   #2
Read_Icculus
Member
 
Registered: Oct 2002
Distribution: MDK 9.2, Debian
Posts: 74

Rep: Reputation: 15
Most the GUIs for iptables like Firestarter and Guarddog make some pretty heinous scripts for your firewall, usually they come with some kind of warning not to edit them, because of that complexity and because you might mess up the operation of the front-end if something is changed in the wrong way in the script. To double-check your results you should check out pcflank.com and hit up the advanced port scanner, you can do a batch check on those specific ports that showed up as closed in the grc scan. I'm guessing that the reason that your 1024-1055 ports were reported as 'CLOSED' is because those ports are being used for making data connections and whatnot over the net while you are doing all of this, so I wouldn't worry too much about those. I'm sure that you can stealth them somehow with FS, (/etc/firestarter/stealth*?), but as a simple to use, very effective firewall I suggest Guarddog. The default rules are to allow nothing through the firewall either way, and to stealth all ports, including all the ones you are concerned about. It comes with a very good configuration setup where you can select the various types of communication you want to let through, (FTP, ssh, traceroute, ping, jabber, yahoo, whatever). Everything besides the things you specifically select are blocked, which I think is a damn good security model.
 
Old 10-09-2003, 10:11 PM   #3
Read_Icculus
Member
 
Registered: Oct 2002
Distribution: MDK 9.2, Debian
Posts: 74

Rep: Reputation: 15
Also an easy way to setup a simple firewall for a server is to use something like FS or GD to configure your various rules and generate a script, then you can simply use your rc.firewall/firewall.sh script on your server and remove the overhead of running X and a desktop like Gnome or KDE. Of course for an important server I'd want to write my own iptables rules and make sure I knew exactly what was running, but the what I outlined above is an easy alternative, especially if you don't want to futz with learning much about iptables.
 
Old 10-10-2003, 03:03 AM   #4
Paul_assheton
Member
 
Registered: Nov 2000
Location: Ware (Nr London, England
Posts: 114

Original Poster
Rep: Reputation: 15
Thanks for the advice.

Looking at the port discriptions for the open ports around 1024 they are used by windows processes apparently. As I have windows computers behind my firewall (the shame!) they may be using those ports through NAT. Though I have no idea what they where doing. Trouble is I dont think Microsoft would know either.

I will look at the products that you suggest.

The reason I am investigating my firewall was I noticed an increase in hits in the log files. About a 3 fold increase! My isp changed my IP address recently as they do about once every month and I think I have gotten one that must have belonged to a popular computer to hack!

Thanks

Paul
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I open up ports in iptables? ekerik Linux - Networking 13 10-07-2009 12:00 PM
Open All Ports - iptables Artik Linux - Networking 2 06-21-2005 04:17 PM
ports open with iptables saugato Linux - Security 3 04-19-2005 02:31 AM
open ports with iptables? tykkea811 Linux - Networking 2 12-12-2004 02:43 AM
Iptables: Open some ports! Abomm Linux - Networking 2 05-31-2002 02:49 AM


All times are GMT -5. The time now is 12:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration