This isn't a Linux question, but a Cayman Router question. I have an SBC supplied Cayman router and ran the 6.4.0R2 firmware update. Before, if I was on everything except ClearSailing, I couldn't use the Pinholes or IPMaps. In ClearSailing, I could forward port 25 for my SMTP mail server, but it was still stealthed when using ShieldsUp!. With the new firmware update, I can use my pinholes and IPMaps on DeadReckoning, but no matter what I have the firewall set on, it no longer stealths my open ports.
Anybody have an idea why this is happening? This seems like a step back to me.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Could you start by explaining what the heck these are?
By the way, read the many previous posts on why it is not possible to "stealth" open ports. If you search for "stealth open possible" you should find my other posts about it, I think. Unless you're narrowing access down to certain IPs, there's no way it will ever look "stealthed".
By the way, could everyone please stop using the phrase "stealth"? No security expert says "my firewall is stealthed!" Instead, they would say "my firewall is set up to default drop". If you say "stealth" in front of real security people, they will probably give you a funny look or perhaps snicker. All thanks to that stupid ShieldsUp! site every newbie is running around saying "stealth this" and "stealth that". It's looney.
Originally posted by chort: "Could you start by explaining what the heck these are?"
I'm no security expert so I guess "stealth" is still okay to use for the average joe, correct? My words were selected because I was referring directly to ShieldsUp!. Sorry.
The Cayman has 3 or 4 default firewall rules that you can use, ClearSailing (everything is open, using NAT as a "firewall"), SilentRunning (all incoming traffic is blocked automatically), DeadReckoning (same as SilentRunning, only allowing IPMaps and Pinholes), and LANdLocked (totally blocked in and out). A pinhole is a forwarded port. An IPMap is IP forwarding to a specific host. Again, these are terms regarding the Cayman only. If you don't have one, you probably won't know what the heck is going on.
As we have discussed before, my old PIX and my original Cayman firmware would drop packets when scanned even on port 25 which was forwarded to our mail server behind the firewall. Now even though I can bump up to "DeadReckoning" which drops everything except the traffic to port 25, scans show it as open. I'm certain the PIX would drop everything after a certain amount of scanning traffic (portsentry style) and it appeared that the original firmware did the same. Somehow the new firmware doesn't do this. Just curious why the 1 step forward, 2 steps back approach to Cayman firmware and I'm checking to see if everyone else has experienced the same problem.
Hey, since I've got you guys here, got another question for you. This damn Cayman is bugging the crap out of me. About every 36 hours or so, the darn thing slows to a crawl! I don't think it is related, but the logs show this:
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 1
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 1
Thu Feb 19 14:25:26 2004(UTC) L2 FFS: (SRD) File underrun, partial read 'CRASHDUMP'
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 2
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 2
Thu Feb 19 14:26:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 3
It looks like the router is pinging something every 45 to 60 seconds. Is this normal for DSL or what's up? I never noticed this before the firmware upgrade either.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
I'd be more worried about the "CRASHDUMP". Better check your manual (if you were lucky enough to get one) and/or call tech support. The interesting thing is it looks like that is built on OpenBSD. FFS is OpenBSD's file system.
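
A way to separate the routine keepalive entries from the one that deserves attention in the log quoted in this thread (an added example, not part of any post): c021 is the PPP protocol number for LCP, and the echo request/reply pairs are the link keepalive. The line regex is inferred from the six quoted lines and is an assumption, not a documented Cayman log format.

```python
import re
from datetime import datetime

# Log lines copied from the thread above (the excerpt ends before reply id 3).
SAMPLE_LOG = """\
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 1
Thu Feb 19 14:24:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 1
Thu Feb 19 14:25:26 2004(UTC) L2 FFS: (SRD) File underrun, partial read 'CRASHDUMP'
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 2
Thu Feb 19 14:25:31 2004(UTC) L2 PPP: (pppoe/vcc1) received c021 LCP_ECHO_REPLY packet, id 2
Thu Feb 19 14:26:31 2004(UTC) L2 PPP: (pppoe/vcc1) sending c021 LCP_ECHO_REQUEST, id 3
"""

# Assumed line layout, inferred from the excerpt only.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\(UTC\) L\d "
    r"(?P<facility>\w+): \((?P<source>[^)]+)\) (?P<msg>.*)$")
ECHO_RE = re.compile(
    r"^(sending|received) c021 LCP_ECHO_(REQUEST|REPLY)(?: packet)?, id (\d+)$")

def parse(text):
    """Return (timestamp, facility, source, message) for each recognised line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events.append((ts, m["facility"], m["source"], m["msg"]))
    return events

def summarize(events):
    """Return (seconds between echo requests, unanswered ids, other events)."""
    sent, replied, other = {}, set(), []
    for ts, facility, _source, msg in events:
        echo = ECHO_RE.match(msg) if facility == "PPP" else None
        if echo and echo.group(1, 2) == ("sending", "REQUEST"):
            sent[int(echo.group(3))] = ts
        elif echo and echo.group(1, 2) == ("received", "REPLY"):
            replied.add(int(echo.group(3)))
        else:
            other.append((ts, facility, msg))  # anything that is not keepalive
    times = sorted(sent.values())
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return gaps, sorted(set(sent) - replied), other

if __name__ == "__main__":
    gaps, unanswered, other = summarize(parse(SAMPLE_LOG))
    print("echo gaps (s):", gaps, "unanswered:", unanswered, "review:", other)
```

On a longer capture, a request id that stays unanswered or a gap that drifts from the steady interval points at the link, while entries in the third list, such as the FFS line here, point at the router itself.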