LinuxQuestions.org
Old 02-18-2004, 08:55 AM   #1
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Rep: Reputation: 30
Stealthing Open Router Ports


This isn't a Linux question, but a Cayman Router question. I have an SBC supplied Cayman router and ran the 6.4.0R2 firmware update. Before, if I was on everything except ClearSailing, I couldn't use the Pinholes or IPMaps. In ClearSailing, I could forward port 25 for my SMTP mail server, but it was still stealthed when using ShieldsUp!. With the new firmware update, I can use my pinholes and IPMaps on DeadReckoning, but no matter what I have the firewall set on, it no longer stealths my open ports.

Anybody have an idea why this is happening? This seems like a step back to me.
 
Old 02-18-2004, 10:38 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Could you start by explaining what the heck these are?
ClearSailing
Pinholes
IPMaps
DeadReckoning

By the way, read the many previous posts on why it is not possible to "stealth" open ports. If you search for "stealth open possible" you should find my other posts about it, I think. Unless you're narrowing access down to certain IPs, there's no way it will ever look "stealthed".

By the way, could everyone please stop using the phrase "stealth"? No security expert says "my firewall is stealthed!" Instead, they would say "my firewall is set up to default drop". If you say "stealth" in front of real security people, they will probably give you a funny look or perhaps snicker. All thanks to that stupid ShieldsUp! site every newbie is running around saying "stealth this" and "stealth that". It's looney.
 
Old 02-18-2004, 11:14 AM   #3
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by chort
Could you start by explaining what the heck these are?
ClearSailing
Pinholes
IPMaps
DeadReckoning
I'm no security expert so I guess "stealth" is still okay to use for the average joe, correct? My words were selected because I was referring directly to ShieldsUp!. Sorry.

The Cayman has 3 or 4 default firewall rules that you can use, ClearSailing (everything is open, using NAT as a "firewall"), SilentRunning (all incoming traffic is blocked automatically), DeadReckoning (same as SilentRunning, only allowing IPMaps and Pinholes), and LANdLocked (totally blocked in and out). A pinhole is a forwarded port. An IPMap is IP forwarding to a specific host. Again, these are terms regarding the Cayman only. If you don't have one, you probably won't know what the heck is going on.

As we have discussed before, my old PIX and my original Cayman firmware would drop packets when scanned even on port 25 which was forwarded to our mail server behind the firewall. Now even though I can bump up to "DeadReckoning" which drops everything except the traffic to port 25, scans show it as open. I'm certain the PIX would drop everything after a certain amount of scanning traffic (portsentry style) and it appeared that the original firmware did the same. Somehow the new firmware doesn't do this. Just curious why the 1 step forward, 2 steps back approach to Cayman firmware and I'm checking to see if everyone else has experienced the same problem.
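
The port states discussed in this thread, as an added example that is not part of any poster's message: a forwarded port has to complete the TCP handshake or mail would never arrive, so a connect-style check reports it as open, while a default-drop rule only produces silence on ports with nothing forwarded. The names `probe` and `loopback_demo`, and the loopback listener standing in for the mail server, are assumptions made for the illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port the way a connect-style port check sees it.

    open     - handshake completed (SYN/ACK came back): a reachable service
    closed   - connection refused (RST came back): host up, nothing listening
    filtered - no usable reply before the timeout: packets dropped on the way
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Covers socket.timeout (silent drop) and ICMP unreachable errors.
        return "filtered"
    finally:
        s.close()

def loopback_demo():
    """Constructed demo on 127.0.0.1 only; no external host is contacted."""
    # Stand-in for the pinholed mail server: something is listening.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    forwarded = srv.getsockname()[1]
    # A port that was just released: nothing listens on it any more.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    unused = tmp.getsockname()[1]
    tmp.close()
    try:
        return {"forwarded": probe("127.0.0.1", forwarded),
                "unused": probe("127.0.0.1", unused)}
    finally:
        srv.close()

if __name__ == "__main__":
    print(loopback_demo())
```

On loopback nothing drops packets, so the third state, `filtered`, only appears when the check is run from outside against a port the firewall silently discards.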
 
Old 02-18-2004, 03:29 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I thought Chort, CC and me put up all sorts of text over time to show everyone "stealthing" isn't a security necessity and could hamper std ops as well?
 
Old 02-18-2004, 03:34 PM   #5
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
You have. I'm reading the sticky as we speak. As with anything new, with the proper guidance, it all comes together eventually. I'm on my way.

Thanks.
 
Old 02-18-2004, 03:52 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Np, np.
 
Old 02-19-2004, 09:24 AM   #7
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Hey, since I've got you guys here, got another question for you. This damn Cayman is bugging the crap out of me. About every 36 hours or so, the darn thing slows to a crawl! I don't think it is related, but the logs show this:

Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 1
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 1
Thu Feb 19 14:25:26 2004(UTC) L2 FFS: (SRD) File underrun, partial read 'CRASHDUMP'
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 2
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 2
Thu Feb 19 14:26:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 3


It looks like the router is pinging something every 45 to 60 seconds. Is this normal for DSL or what's up? I never noticed this before the firmware upgrade either.
 
Old 02-19-2004, 09:57 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
I'd be more worried about the "CRASHDUMP". Better check your manual (if you were lucky enough to get one) and/or call tech support. The interesting thing is it looks like that is built on OpenBSD. FFS is OpenBSD's file system.
 
Old 02-19-2004, 10:05 AM   #9
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Well crap. The website doesn't say anything about it, and the tech support goes through SBC. We all know how that gets handled.

Those CRASHDUMPs happen every 5 to 15 minutes.
 
  

