Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-09-2003, 04:54 PM
|
#1
|
Member
Registered: Nov 2000
Location: Ware (Nr London, England
Posts: 114
Rep:
|
IPtables open ports
Hi there,
I run a RH7.3 server to act as a NAT and firewall for my cable modem. I recently popped to the grc.com site to test my firewall (I do this occasional as the probes are constantly being improved). I ran the new test there that test all the first 1056 ports. To my horror some where not stealthed and one was open!
I run Firestarter to generate my ruleset. I have read Iptables howtos and cannot make head nor tail of them! I got rid of most of the problem's but there are still several closed but not stealthed ports on my system. I will include the output from the grc portscanner at the end of this message. I have found Firestarter to be an easy to use program. Can anyone advise me on an equally easy to use system or how to close these holes. I want to be completely stealthed on the net.
Thank you
Paul
----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2003-10-09 at 20:42:39
Results from scan of ports: 0-1055
0 Ports Open
34 Ports Closed
1022 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 67, 68, 1024, 1025, 1026, 1027,
1028, 1029, 1030, 1031, 1032,
1033, 1034, 1035, 1036, 1037,
1038, 1039, 1040, 1041, 1042,
1043, 1044, 1045, 1046, 1047,
1048, 1049, 1050, 1051, 1052,
1053, 1054, 1055
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
----------------------------------------------------------------------
|
|
|
10-09-2003, 10:04 PM
|
#2
|
Member
Registered: Oct 2002
Distribution: MDK 9.2, Debian
Posts: 74
Rep:
|
Most the GUIs for iptables like Firestarter and Guarddog make some pretty heinous scripts for your firewall, usually they come with some kind of warning not to edit them, because of that complexity and because you might mess up the operation of the front-end if something is changed in the wrong way in the script. To double-check your results you should check out pcflank.com and hit up the advanced port scanner, you can do a batch check on those specific ports that showed up as closed in the grc scan. I'm guessing that the reason that your 1024-1055 ports were reported as 'CLOSED' is because those ports are being used for making data connections and whatnot over the net while you are doing all of this, so I wouldn't worry too much about those. I'm sure that you can stealth them somehow with FS, (/etc/firestarter/stealth*?), but as a simple to use, very effective firewall I suggest Guarddog. The default rules are to allow nothing through the firewall either way, and to stealth all ports, including all the ones you are concerned about. It comes with a very good configuration setup where you can select the various types of communication you want to let through, (FTP, ssh, traceroute, ping, jabber, yahoo, whatever). Everything besides the things you specifically select are blocked, which I think is a damn good security model.
|
|
|
10-09-2003, 10:11 PM
|
#3
|
Member
Registered: Oct 2002
Distribution: MDK 9.2, Debian
Posts: 74
Rep:
|
Also an easy way to setup a simple firewall for a server is to use something like FS or GD to configure your various rules and generate a script, then you can simply use your rc.firewall/firewall.sh script on your server and remove the overhead of running X and a desktop like Gnome or KDE. Of course for an important server I'd want to write my own iptables rules and make sure I knew exactly what was running, but the what I outlined above is an easy alternative, especially if you don't want to futz with learning much about iptables.
|
|
|
10-10-2003, 03:03 AM
|
#4
|
Member
Registered: Nov 2000
Location: Ware (Nr London, England
Posts: 114
Original Poster
Rep:
|
Thanks for the advice.
Looking at the port discriptions for the open ports around 1024 they are used by windows processes apparently. As I have windows computers behind my firewall (the shame!) they may be using those ports through NAT. Though I have no idea what they where doing. Trouble is I dont think Microsoft would know either.
I will look at the products that you suggest.
The reason I am investigating my firewall was I noticed an increase in hits in the log files. About a 3 fold increase! My isp changed my IP address recently as they do about once every month and I think I have gotten one that must have belonged to a popular computer to hack!
Thanks
Paul
|
|
|
All times are GMT -5. The time now is 01:27 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|