LinuxQuestions.org
Old 11-26-2004, 07:24 PM   #1
Cyberian
Member
 
Registered: May 2004
Distribution: SuSE
Posts: 117

Rep: Reputation: 15
HELP: stealthing TCP FIN, TCP XMAS, and UDP


Hi,

How do I stealth TCP FIN, TCP XMAS, and UDP?

I am currently using Firestarter firewall.
 
Old 11-28-2004, 08:30 PM   #2
Cyberian
Member
 
Registered: May 2004
Distribution: SuSE
Posts: 117

Original Poster
Rep: Reputation: 15
Help, PLEASE?
 
Old 11-28-2004, 09:06 PM   #3
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,109

Rep: Reputation: 312
You might have more luck in the networks and/or security forums. Meanwhile, though, do you know what those terms you threw out mean? If not, install nmap and read its man page. Then read man iptables, paying particular attention to the --tcp-flags option, which will help with the XMAS TREE and FIN questions. Read about the --protocol option to iptables to learn how to filter based on the transport layer protocol.

Beyond that, we can't help too much unless you're a bit more specific about what you want to do and why.
 
Old 11-28-2004, 09:51 PM   #4
Cyberian
Member
 
Registered: May 2004
Distribution: SuSE
Posts: 117

Original Poster
Rep: Reputation: 15
I have no idea what they stand for. All I know is they are about security. And I feel paranoid over knowing that I failed the security test because of those 3 things.

Reason why I want to stealth them is, I want a secure computer.
 
Old 11-29-2004, 12:34 AM   #5
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,109

Rep: Reputation: 312
OK, quick explanation: TCP and UDP are transport layer protocols. For instance, every time you connect to a Web site, the HTTP protocol travels over TCP. DNS uses UDP. In virtually all networks, TCP and UDP both travel over IP, the Internet Protocol.

FIN attacks and XMAS TREE scans work by setting nonsensical combinations of options in the TCP packet header (e.g. with a FIN trying to break a nonexistent connection). Older implementations would sometimes choke on these, and this was a security hole. Also, the responses sent out to these could be used to fingerprint the OS running on the remote computer, making it easier to decide how to attack it. UDP is just a transport layer protocol.

In any case, what you need to do is read the man pages I posted above. You can make your computer drop all incoming UDP traffic not from your DNS server, for instance. If you drop all incoming TCP and UDP traffic that's not part of a connection you initiated, your machine will be stealthed.

Last edited by btmiller; 11-29-2004 at 12:35 AM.
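
An added example, not part of any post in this thread: the default-drop policy and the `--tcp-flags` matches btmiller describes, written as an iptables-restore ruleset, with a small audit function that checks a saved ruleset for the same properties. The NULL-probe rule, the conntrack match, the `--apply` switch and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print a stateful ruleset in iptables-restore format.
stealth_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# --tcp-flags <mask> <set>: examine all six flags, match when exactly <set> is on.
# NULL probe (no flags); not named in the thread, added as the usual companion.
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# FIN probe: FIN alone. A real connection teardown carries FIN together with ACK.
-A INPUT -p tcp --tcp-flags ALL FIN -j DROP
# XMAS probe: FIN, PSH and URG lit at once.
-A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
# Replies to traffic this host started (TCP, and UDP such as DNS answers).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save style text on stdin; return 0 only if unsolicited
# packets are silently dropped. Findings are printed one per line.
audit_rules() {
    rules=$(cat)
    bad=0
    if ! printf '%s\n' "$rules" | grep -q '^:INPUT DROP'; then
        echo "INPUT policy is not DROP"; bad=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq '^-A INPUT .*(--ctstate|--state) [A-Z,]*ESTABLISHED'; then
        echo "no rule accepting ESTABLISHED replies"; bad=1
    fi
    # REJECT answers with a TCP RST or an ICMP error, so the probe gets a reply.
    if printf '%s\n' "$rules" | grep -q '^-A INPUT .*-j REJECT'; then
        echo "REJECT rule answers probes"; bad=1
    fi
    return "$bad"
}

# Usage as root: sh stealth.sh --apply
if [ "${1:-}" = "--apply" ]; then
    stealth_rules | audit_rules && stealth_rules | iptables-restore
fi
```

An existing firewall can be checked the same way by piping `iptables-save` output into `audit_rules`.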
 
  

