LinuxQuestions.org
Old 06-23-2006, 09:56 AM   #1
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Rep: Reputation: Disabled
router billion 5102 has firewall and software firewall tests


Hi

I have played with Mandriva shorewall and did not prefer it to guarddog.

In my router billion 5102 it has only a few choices of firewall including ports 21 23 80 which I have disabled.

In my software firewall (guarddog) I have DNS http https only.

At www.grc.com a quick check shows ports 21 23 80 as stealthed.

I am guessing it scans the router for its settings and can not probe any further?

BTW the router allows some kind of bridged mode but I can not use it as far as I can see as I need PPPoE settings to get DHCP address from my ISP in aussieland.

Questions if I may

I have read the manual of my router and I am none the wiser on the firewall test....how do I get stealthed for all ports that I want?

Any links for this question would be greatly appreciated.


PS I found a quick and dirty way of disabling my router from being ever seen I hope from the net.

I created a separate guarddog zone for the router address and disabled http which is what it uses for configs.
 
Old 06-24-2006, 10:17 AM   #2
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Original Poster
Rep: Reputation: Disabled
solved

ok found this at the docs for firestarter

If you have a DSL or cable modem box that provides Network Address Translation services, it is possible that the scan does not reflect the status of Firestarter but that of the box.

from link http://www.fs-security.com/docs/faq.php
 
Old 06-24-2006, 09:57 PM   #3
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Do yourself a favor and forget you ever saw grc.com.
 
Old 06-24-2006, 10:19 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally Posted by aus9
At www.grc.com a quick check shows ports 21 23 80 as stealthed.
How do the other ports show up?

Quote:
I have read the manual of my router and I am none the wiser on the firewall test....how do I get stealthed for all ports that I want?
I'm not familiar with your router and its capabilities, but in theory you should be able to figure out what it can do. If you temporarily disable the internal firewall and do a *full* scan (as mentioned grc is definitely not comprehensive). Ideally scan from a remote machine using nmap, but if that's not an option you can try using several different online scanners like grc and find the consensus. Simultaneously running tcpdump on the inside should show what's getting through. If you are unsure, then I'd definitely recommend running the internal machines as if they were directly connected to the internet with a full firewall. May need to be careful about blocking traffic from the router, like DHCP messages, etc. Personally I'd recommend setting it up that way regardless so that you don't have a single point of failure.
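The tcpdump check suggested in the post above, as an added example that is not part of the original thread: it reads `tcpdump -n tcp` text output captured on the inside host and lists which ports an outside scanner's SYN probes actually reached, and how the host answered. The addresses and capture lines are constructed sample data, and `probes_reaching_host` is a hypothetical helper name.

```python
import re

# Constructed capture (not from the thread): `tcpdump -n tcp` on inside host
# 192.168.1.10 while an outside scanner at 203.0.113.5 probes the router.
SAMPLE = """\
10:17:01.100001 IP 203.0.113.5.40001 > 192.168.1.10.80: Flags [S], seq 100, win 1024, length 0
10:17:01.100090 IP 192.168.1.10.80 > 203.0.113.5.40001: Flags [S.], seq 900, ack 101, win 5840, length 0
10:17:01.300001 IP 203.0.113.5.40002 > 192.168.1.10.113: Flags [S], seq 200, win 1024, length 0
10:17:01.300050 IP 192.168.1.10.113 > 203.0.113.5.40002: Flags [R.], seq 0, ack 201, win 0, length 0
10:17:01.500001 IP 203.0.113.5.40003 > 192.168.1.10.23: Flags [S], seq 250, win 1024, length 0
10:17:02.000001 IP 192.168.1.10.51000 > 198.51.100.7.443: Flags [S], seq 300, win 5840, length 0
10:17:02.050001 IP 198.51.100.7.443 > 192.168.1.10.51000: Flags [S.], seq 700, ack 301, win 5840, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [...]
PACKET = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def probes_reaching_host(capture, inside_ip):
    """Return {port: state} for every inbound SYN that got past the router.

    state is "open" (host sent SYN-ACK), "closed" (host sent RST) or
    "no reply" (the host's own firewall dropped the probe silently).
    """
    probes = {}
    for line in capture.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == inside_ip and flags == "S":
            # Bare SYN addressed to us: an unsolicited inbound connection attempt.
            probes.setdefault((src, sport, dport), "no reply")
        elif src == inside_ip and (dst, dport, sport) in probes:
            # Our answer to a probe recorded above.
            if flags == "S.":
                probes[(dst, dport, sport)] = "open"
            elif "R" in flags:
                probes[(dst, dport, sport)] = "closed"
    return {int(port): state for (_, _, port), state in probes.items()}

if __name__ == "__main__":
    for port, state in sorted(probes_reaching_host(SAMPLE, "192.168.1.10").items()):
        print(f"port {port}: probe reached inside host, {state}")
```

Any port listed is one the router passed through to the inside machine; an empty result during an outside scan means the scanner only ever saw the router itself.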
 
Old 06-24-2006, 11:42 PM   #5
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Original Poster
Rep: Reputation: Disabled
Captain

you were right and I should have taken the plunge after my last post to turn off my software firewall and retest the router.

tests were done at grc/pcflank/auditmypc

all tests looked exactly the same with internal turned off.

And that means other ports are still showing as CLOSED.


(2) I have yet to work out how to make my router look like the internal is directly connected and even if I did....one of my previous tests with a wrong router setting I had port 80 open and the scans were showing it up as open.

(3) but as it's up to me to figure it out I will post a HCL entry if I do.

thanks for the tips so far.
 
Old 12-31-2006, 10:32 PM   #6
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Original Poster
Rep: Reputation: Disabled
well I never did figure it out...the best I could see is using the router in bridge mode but that appears to need 2 ethernet cards?

in re-looking at that grc site it reports
Checking a NAT Router's WAN Security

Residential broadband "NAT" routers which allow many computers to share a single Internet connection are becoming quite popular. We love them for the security they provide to the machines placed behind them since any NAT router functions as a natural and excellent hardware firewall.

However, the Internet or "WAN" (Wide Area Network) side connection of many NAT routers and DSL gateways is not as secure as it should be. Many routers ship with web, ftp, or Telnet management ports wide open! And many are still configured with their well-known default administrative passwords. Although the router may be protecting the machines behind it, it might not be protecting itself without your deliberate closing of remote "WAN" administration ports.

ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.


while the previous link reported ISPs may be blocking scans I am now more confident that the first scan result from grc and not auditmypc or pcflank.....was a scan of my router

Last edited by aus9; 12-31-2006 at 10:34 PM.
 
Old 12-31-2006, 11:09 PM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I don't really understand what you are trying to accomplish. A scan from the internet will scan your router. You can scan your computer from another computer on the lan using nmap.

I have a Linksys NAT router connected to a cable modem. It has a gateway mode and a router mode. I am using gateway mode.
Routers tend to respond to the ident port.
Code:
hpmedia:~ # grep ident /etc/services
ident           113/tcp    #
#                          identify "authentication domains"
Some older ftp sites will take 2 minutes and timeout without the ident port, but this is rare, and you usually have an option to close it. From your grc response, the router's ident port isn't open.

For the ports you use on the computer itself, make sure to secure services properly. Such as if you use ssh, disable root logins. Use an "AllowUsers" entry. Some people also disable password logins and change the port from port 22 to a higher port number to discourage script kiddie brute force attacks. This won't be an item if you don't forward port 22 in the router.

Quote:
In my software firewall (guarddog) I have DNS http https only.
Are you running apache2 and a dns server?

If you have two network interfaces on your hosts, you can have an internet access zone and a less secure LAN zone. This would allow you to open up ports that samba uses without as much worry. Although the NAT router will provide protection, what happens after a power spike or if the router has an unknown vulnerability?

Be sure you disable UPnP on the router, if it exists. It is an evil Microsoft invention that allows ports on the router to be opened up automatically. Installing the wrong software on any of your computers could open up a port in the router without your knowing it.

Last edited by jschiwal; 12-31-2006 at 11:14 PM.
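The ssh settings listed in the post above, turned into a check, as an added example that is not part of the original thread: it reads the global section of an `sshd_config` and reports which of those four points are not in place. Both sample configs, the user name `alice` and port 2222 are constructed, and `effective_global` and `audit` are hypothetical helper names; `Match` blocks are not evaluated.

```python
# Constructed sample configs, not taken from any host in the thread.
WEAK = """\
# the second PermitRootLogin line is ignored: sshd keeps the first value it reads
Port 22
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

HARDENED = """\
Port 2222
PermitRootLogin no
AllowUsers alice
PasswordAuthentication no
"""

def effective_global(config_text):
    """Return {keyword: value} for the global section (before any Match block)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks start here; this check stops at the first one
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings

def audit(config_text):
    """List which of the post's four suggestions the config does not follow."""
    s = effective_global(config_text)
    findings = []
    if s.get("permitrootlogin", "").lower() != "no":
        findings.append("root login not disabled")
    if "allowusers" not in s:
        findings.append("no AllowUsers entry")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password logins enabled")
    if s.get("port", "22") == "22":
        findings.append("listening on default port 22")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```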
 
  

