This isn't a Linux question, but a Cayman Router question. I have an SBC supplied Cayman router and ran the 6.4.0R2 firmware update. Before, if I was on everything except ClearSailing, I couldn't use the Pinholes or IPMaps. In ClearSailing, I could forward port 25 for my SMTP mail server, but it was still stealthed when using ShieldsUp!. With the new firmware update, I can use my pinholes and IPMaps on DeadReckoning, but no matter what I have the firewall set on, it no longer stealths my open ports.
Anybody have an idea why this is happening? This seems like a step back to me.
Could you start by explaining what the heck these are?
ClearSailing
Pinholes
IPMaps
DeadReckoning
By the way, read the many previous posts on why it is not possible to "stealth" open ports. If you search for "stealth open possible" you should find my other posts about it, I think. Unless you're narrowing access down to certain IPs, there's no way it will ever look "stealthed".
By the way, could everyone please stop using the phrase "stealth"? No security expert says "my firewall is stealthed!" Instead, they would say "my firewall is set up to default drop". If you say "stealth" in front of real security people, they will probably give you a funny look or perhaps snicker. All thanks to that stupid ShieldsUp! site, every newbie is running around saying "stealth this" and "stealth that". It's looney.
Originally posted by chort:
Could you start by explaining what the heck these are?
ClearSailing
Pinholes
IPMaps
DeadReckoning
I'm no security expert so I guess "stealth" is still okay to use for the average Joe, correct? My words were selected because I was referring directly to ShieldsUp!. Sorry.
The Cayman has 3 or 4 default firewall rules that you can use, ClearSailing (everything is open, using NAT as a "firewall"), SilentRunning (all incoming traffic is blocked automatically), DeadReckoning (same as SilentRunning, only allowing IPMaps and Pinholes), and LANdLocked (totally blocked in and out). A pinhole is a forwarded port. An IPMap is IP forwarding to a specific host. Again, these are terms regarding the Cayman only. If you don't have one, you probably won't know what the heck is going on.
As we have discussed before, my old PIX and my original Cayman firmware would drop packets when scanned even on port 25 which was forwarded to our mail server behind the firewall. Now even though I can bump up to "DeadReckoning" which drops everything except the traffic to port 25, scans show it as open. I'm certain the PIX would drop everything after a certain amount of scanning traffic (portsentry style) and it appeared that the original firmware did the same. Somehow the new firmware doesn't do this. Just curious why the 1 step forward, 2 steps back approach to Cayman firmware and I'm checking to see if everyone else has experienced the same problem.
I thought Chort, CC and me put up all sorts of text over time to show everyone "stealthing" isn't a security necessity and could hamper std ops as well?
Hey, since I've got you guys here, got another question for you. This damn Cayman is bugging the crap out of me. About every 36 hours or so, the darn thing slows to a crawl! I don't think it is related, but the logs show this:
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 1
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 1
Thu Feb 19 14:25:26 2004(UTC) L2 FFS: (SRD) File underrun, partial read 'CRASHDUMP'
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 2
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 2
Thu Feb 19 14:26:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 3
It looks like the router is pinging something every 45 to 60 seconds. Is this normal for DSL or what's up? I never noticed this before the firmware upgrade either.
I'd be more worried about the "CRASHDUMP". Better check your manual (if you were lucky enough to get one) and/or call tech support. The interesting thing is it looks like that is built on OpenBSD. FFS is OpenBSD's file system.
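An added example, not part of any post in this thread: a small Python triage of the router log excerpt quoted above. It pairs each PPP LCP echo request (protocol c021, the PPP link keepalive) with its reply, measures the spacing between requests, and separates out every line that is not keepalive traffic, such as the FFS 'CRASHDUMP' entry. The line format in the regular expressions is an assumption inferred from the six lines posted, and `analyse` is a name chosen here.

```python
import re
from datetime import datetime

# Log lines copied from the post above.
LOG = """\
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 1
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 1
Thu Feb 19 14:25:26 2004(UTC) L2 FFS: (SRD) File underrun, partial read 'CRASHDUMP'
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 2
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 2
Thu Feb 19 14:26:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 3
"""

# Assumed layout: "<timestamp>(UTC) L<level> <facility>: <message>"
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\(UTC\) L\d (\w+): (.*)$")
ECHO = re.compile(r"(?:sending|received) c021 LCP_ECHO_(REQUEST|REPLY)(?: packet)?, id (\d+)")


def analyse(text):
    """Return (seconds between echo requests, unanswered ids, non-keepalive events)."""
    sent, answered, other = {}, set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        facility, msg = m.group(2), m.group(3)
        echo = ECHO.search(msg)
        if facility == "PPP" and echo:
            if echo.group(1) == "REQUEST":
                sent[int(echo.group(2))] = ts
            else:
                answered.add(int(echo.group(2)))
        else:
            other.append((ts, facility, msg))  # not keepalive: worth a human look
    times = [sent[i] for i in sorted(sent)]
    intervals = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    # A request at the very end of an excerpt shows up here only because
    # the excerpt stops before its reply.
    unanswered = sorted(set(sent) - answered)
    return intervals, unanswered, other


if __name__ == "__main__":
    intervals, unanswered, other = analyse(LOG)
    print("seconds between echo requests:", intervals)
    print("requests without a reply in this excerpt:", unanswered)
    for ts, facility, msg in other:
        print("non-keepalive event:", ts.isoformat(), facility, msg)
```
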