Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
|
|
12-08-2004, 10:47 AM
|
#1
|
LQ Newbie
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27
Rep:
|
Fedora Core 3, GRC port scan says ports are stealthed but responds to icmp ping
Hello;
I am using FC3 just as it is on the cd. I have not modified the iptables yet. I really don't know exactly what to put in there. According to GRC, my standard ports are stealthed, but the machine responds to icmp pings. Does this situation still keep me from being hacked? I am not on any network, this is a stand alone machine and I have none of the ftp, ssh, telnet, mail, www or those turned on.
I did read what gwalk was told and am going to implement some of those things.
Need any more info, let me know.
Thanks
|
|
|
12-08-2004, 11:23 AM
|
#2
|
Senior Member
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197
Rep:
|
Having ports open and responding to ICMP are two different things. ICMP is a protocol like TCP or UDP, and is used for all kinds of things (not just ping). I know the trend is to turn ICMP off en masse, but it does have a purpose, and certain types of ICMP really should be left enabled.
|
|
|
12-08-2004, 08:36 PM
|
#3
|
LQ Newbie
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27
Original Poster
Rep:
|
Thanks for the response. I think I remember reading that somewhere about the icmp ping. According to the scans I have had, the ports are stealthed and do not respond. I have replaced my XP computer, it's across the room with another computer that's running Libranet. The Libranet computer is my experimental box that I try out different distros on. I am a little uncomfortable on this FC3 box as I am not sure how well it is secured. I am trying to cut the windows umbilical cord and am a little nervous about it.
|
|
|
12-08-2004, 09:53 PM
|
#4
|
Member
Registered: Oct 2004
Posts: 229
Rep:
|
looks ok, but
what is a stealthed port?
Does it mean you are getting RST back or no reply?
And get grsecurity for your kernel + read about iptables.
|
|
|
12-08-2004, 09:58 PM
|
#5
|
Member
Registered: Oct 2004
Posts: 229
Rep:
|
I am always puzzled by the colorful language that tends to keep appearing more and more.
I am pretty sure I will be seeing an IDS saying there is a clandestine channel in the network soon enough.
|
|
|
12-08-2004, 10:40 PM
|
#6
|
Senior Member
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197
Rep:
|
Quote:
Originally posted by Krugger
looks ok, but
what is a stealthed port?
Does it mean you are getting RST back or no reply?
And get grsecurity for your kernel + read about iptables.
|
Should you be telling people "looks ok" without knowing what a stealthed port is?
A stealthed port is one that sends no response at all. Despite what (self labeled) "security experts" will tell you, it's effectively like waving a big sign that says to crackers "Here's a machine that wishes it was hidden!"
iptables would be a good place to start. Actually understanding IP and creating a set of rules that makes your machine behave as it should instead of these half assed hacks I see on the net would be a great way to finish it.
In response to your second post there, I have no idea what you're talking about.
|
|
|
12-09-2004, 04:37 AM
|
#7
|
Member
Registered: Oct 2004
Posts: 229
Rep:
|
As he said there aren't any services running or at least they are blocked to the outside, I would say it is ok. As people can't connect to his box. So only someone sitting at the machine can hack it.
And I also like the DROP policy as it takes longer to scan as you have to wait for the connection timeout. It doesn't really help in nmap case as they use the available socket options to their advantage, but it takes a little additional time to scan.
The other post can safely be ignored.
|
|
|
12-09-2004, 11:18 PM
|
#8
|
LQ Newbie
Registered: Jul 2004
Location: Swamp east Missouri
Distribution: FC12/ubuntu/linux mint/Debian
Posts: 27
Original Poster
Rep:
|
Thanks guys, I appreciate the time you took to think about this. There are no services running and no network here. I prefer to keep using the Linux box so we will see what happens....Thanks again
|
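The situation discussed in this thread (a scan reporting ports as stealthed while ping is still answered, and the RST-versus-no-reply question) as an added example, not code from any poster: a small first-match evaluator over an iptables-save style INPUT chain. The ruleset is constructed for illustration, the function names are hypothetical, and matching is simplified to `--state`, `-p`, `--dport` and `--icmp-type`.

```python
import shlex

# Constructed sample in iptables-save syntax; not the poster's actual rules.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse(ruleset):
    """Return (INPUT policy, list of INPUT rules as option->value dicts)."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(rule, proto, port, icmp_type):
    """Simplified match for an unsolicited probe arriving from outside."""
    if "--state" in rule and "NEW" not in rule["--state"].split(","):
        return False  # a first packet is NEW, not ESTABLISHED/RELATED
    if rule.get("-p", proto) != proto:
        return False
    if "--dport" in rule and rule["--dport"] != str(port):
        return False
    return rule.get("--icmp-type", icmp_type) == icmp_type

def remote_view(ruleset, proto, port=None, icmp_type=None, listening=()):
    """What a remote prober observes for a TCP SYN or an ICMP echo-request."""
    policy, rules = parse(ruleset)
    hit = next((r for r in rules if matches(r, proto, port, icmp_type)), {})
    target = hit.get("-j", policy)
    if target == "DROP":
        return "no reply (stealth)"
    if target == "REJECT":
        tcp_rst = hit.get("--reject-with") == "tcp-reset"
        return "RST (closed)" if tcp_rst else "ICMP error (filtered)"
    if proto == "icmp":  # ACCEPT: the host's own stack answers the ping
        return "echo reply"
    return "SYN/ACK (open)" if port in listening else "RST (closed)"
```

With these rules `remote_view(SAMPLE_RULES, "tcp", 80)` gives no reply while the echo-request is answered, which is the combination the original poster saw. An accepted port with nothing listening (`tcp`, 22) still returns an RST from the kernel, so "no services running" alone shows as closed rather than stealthed.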
|
|
All times are GMT -5.
|
|