LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-08-2004, 10:47 AM   #1
IraB
LQ Newbie
 
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27

Rep: Reputation: 15
Fedora Core 3, GRC port scan says ports are stealthed but responds to icmp ping


Hello;
I am using FC3 just as it is on the cd. I have not modified the iptables yet. I really don't know exactly what to put in there. According to GRC, my standard ports are stealthed, but the machine responds to icmp pings. Does this situation still keep me from being hacked? I am not on any network, this is a stand alone machine and I have none of the ftp, ssh, telnet, mail, www or those turned on.
I did read what gwalk was told and am going to implement some of those things.
Need any more info, let me know.
Thanks
 
Old 12-08-2004, 11:23 AM   #2
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Having ports open and responding to ICMP are two different things. ICMP is a protocol like TCP or UDP, and is used for all kinds of things (not just ping). I know the trend is to turn ICMP off en masse, but it does have a purpose, and certain types of ICMP really should be left enabled.
 
Old 12-08-2004, 08:36 PM   #3
IraB
LQ Newbie
 
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27

Original Poster
Rep: Reputation: 15
Thanks for the response. I think I remember reading that somewhere about the icmp ping. According to the scans I have had, the ports are stealthed and do not respond. I have replaced my XP computer, it's across the room with another computer that's running Libranet. The Libranet computer is my experimental box that I try out different distros on. I am a little uncomfortable on this FC3 box as I am not sure how well it is secured. I am trying to cut the windows umbilical cord and am a little nervous about it.
 
Old 12-08-2004, 09:53 PM   #4
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
looks ok, but

what is a stealthed port?

Does it mean you are getting RST back or no reply?

And get grsecurity for your kernel + read about iptables.
 
Old 12-08-2004, 09:58 PM   #5
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
I am always puzzled by the colorful language that tends to keep appearing more and more.

I am pretty sure I will be seeing an IDS saying there is a clandestine channel in the network soon enough.
 
Old 12-08-2004, 10:40 PM   #6
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 47
Quote:
Originally posted by Krugger
looks ok, but

what is a stealthed port?

Does it mean you are getting RST back or no reply?

And get grsecurity for your kernel + read about iptables.
Should you be telling people "looks ok" without knowing what a stealthed port is?

A stealthed port is one that sends no response at all. Despite what (self labeled) "security experts" will tell you, it's effectively like waving a big sign that says to crackers "Here's a machine that wishes it was hidden!"

iptables would be a good place to start. Actually understanding IP and creating a set of rules that makes your machine behave as it should instead of these half assed hacks I see on the net would be a good way to make it great way to finish it.

In response to your second post there, I have no idea what you're talking about.
 
Old 12-09-2004, 04:37 AM   #7
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
As he said there aren't any services running or at least they are blocked to the outside, I would say it is ok. As people can't connect to his box. So only someone sitting at the machine can hack it.

And I also like the DROP policy as it takes longer to scan as you have to wait for the connection timeout. It doesn't really help in nmap case as they use the available socket options to their advantage, but it takes a little additional time to scan.

The other post can safely be ignored.
 
Old 12-09-2004, 11:18 PM   #8
IraB
LQ Newbie
 
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27

Original Poster
Rep: Reputation: 15
Thanks guys, I appreciate the time you took to think about this. There are no services running and no network here. I prefer to keep using the Linux box so we will see what happens....Thanks again
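
An added example, not written by any poster in this thread: a shell function (hypothetical name `emit_rules`) that prints an iptables-restore ruleset for the two behaviours debated above, a silent DROP ("stealthed") versus answering closed ports with a RST, while keeping ICMP error types enabled. The choice of ICMP types, the ping rate limit and the use of the `state` match are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a desktop with no
# listening services. Nothing is applied; review the output, then load it as
# root with: sh fw.sh reject ping | iptables-restore
# usage: emit_rules stealth|reject [ping|noping]   (names are hypothetical)
emit_rules() {
    mode=${1:-reject}
    ping=${2:-ping}
    case $mode in
        stealth|reject) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ICMP errors that TCP/IP relies on (path MTU discovery, traceroute, bad headers)
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT
EOF
    if [ "$ping" = ping ]; then
        # Answer ping, rate limited: the host is visible whatever the ports do.
        echo '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT'
    fi
    if [ "$mode" = reject ]; then
        # Behave like a host with closed ports: RST for TCP, ICMP port
        # unreachable for UDP. In stealth mode the DROP policy stays silent.
        echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
        echo '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'
    fi
    echo 'COMMIT'
}

# Run directly with arguments to print a ruleset; sourcing defines the function only.
if [ "$#" -gt 0 ]; then
    emit_rules "$@"
fi
```

`emit_rules stealth ping` reproduces the situation in the first post: every port is silent, yet the machine still answers ping.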
 
  

