Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
02-25-2006, 12:09 AM, #1
LQ Newbie, Registered: Feb 2006, Posts: 5
SMB type invasion...?
I am new to securing my computer, and I am new to Linux (FC4), which is sort of proving to be a bad combination for privacy.
People keep invading my computer with a Samba connection, I think. I installed Firestarter, which alerted me to the SMB connections happening on my 13x and 400-something ports... or whatever.
My computer seems to be on some file share network where people have access to everything on it? For example, Firestarter will shut down by itself, and I am sure these people are reading my Gaim conversations, monitoring my internet searches, etc.
Uhhh... I read a couple of tutorials on iptables but honestly don't know where to start. I am in desperate need of some security advice on how to secure my connection. I don't live in the US and there really isn't a good selection of routers to set up... Any help would be much appreciated.
02-25-2006, 04:20 AM, #2
LQ Guru, Registered: Jul 2003, Location: Los Angeles, Distribution: Ubuntu, Posts: 9,870
hi, welcome to LQ.
first thing to do would be to look at the current state of your firewall rules...
please open a terminal, become root, and execute the following command, then post the result here...
PS: to become root you can use the "su" command, and you will then be asked for the root password...
are you running Samba?
02-25-2006, 05:19 AM, #3
LQ Newbie (Original Poster), Registered: Feb 2006, Posts: 5
Thanks for the help... I know how frustrating it is trying to help someone who knows virtually nothing about the subject...
This seems extremely long, but this is what I get when I do the iptables -L command or whatever in the shell...
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- qns1.hananet.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- qns1.hananet.net anywhere
ACCEPT tcp -- qns2.hananet.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- qns2.hananet.net anywhere
ACCEPT tcp -- qns3.hananet.net anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- qns3.hananet.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
NR all -- !211.44.200.0/24 anywhere
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 211.44.200.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain LOG_FILTER (5 references)
target prot opt source destination
DROP all -- 211.44.88.32 anywhere
DROP all -- 211.44.200.157 anywhere
DROP all -- rav73-1-82-239-32-84.fbx.proxad.net anywhere
DROP all -- 61.132.102.24 anywhere
DROP all -- 185.172.251.175 anywhere
DROP all -- 185.172.251.175 anywhere
DROP all -- 185.172.251.175 anywhere
DROP all -- 201-1-159-9.dsl.telesp.net.br anywhere
DROP all -- 185.172.251.175 anywhere
DROP all -- 66-128-108-194.static.stls.mo.charter.com anywhere
DROP all -- 211.208.6.122 anywhere
DROP all -- 66-128-108-194.static.stls.mo.charter.com anywhere
DROP all -- 221.12.161.110 anywhere
DROP all -- 221.12.161.109 anywhere
DROP all -- 222.141.69.129 anywhere
DROP all -- 211.44.145.120 anywhere
DROP all -- 211.44.145.120 anywhere
DROP all -- 198.64.140.152 anywhere
DROP all -- 211.44.200.170 anywhere
DROP all -- 211.44.200.170 anywhere
DROP all -- 211.44.189.26 anywhere
DROP all -- 211.44.200.170 anywhere
DROP all -- 10.192.32.1 anywhere
DROP all -- 211.44.130.84 anywhere
DROP all -- 211.44.175.120 anywhere
DROP all -- 211.44.69.121 anywhere
DROP all -- 211.44.189.26 anywhere
DROP all -- 211.44.200.170 anywhere
DROP all -- 211.44.200.170 anywhere
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:1026
DROP udp -- anywhere anywhere udp dpt:1026
DROP tcp -- anywhere anywhere tcp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP tcp -- anywhere anywhere tcp dpt:1026
DROP udp -- anywhere anywhere udp dpt:1026
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:4899
DROP udp -- anywhere anywhere udp dpt:4899
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP udp -- anywhere anywhere udp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:4361
DROP udp -- anywhere anywhere udp dpt:4361
DROP tcp -- anywhere anywhere tcp dpt:4081
DROP udp -- anywhere anywhere udp dpt:4081
DROP tcp -- anywhere anywhere tcp dpt:4081
DROP udp -- anywhere anywhere udp dpt:4081
DROP tcp -- anywhere anywhere tcp dpt:43987
DROP udp -- anywhere anywhere udp dpt:43987
DROP tcp -- anywhere anywhere tcp dpt:46972
DROP udp -- anywhere anywhere udp dpt:46972
DROP tcp -- anywhere anywhere tcp dpt:1033
DROP udp -- anywhere anywhere udp dpt:1033
DROP tcp -- anywhere anywhere tcp dpt:15118
DROP udp -- anywhere anywhere udp dpt:15118
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:mysql
DROP tcp -- anywhere anywhere tcp dpt:630
DROP udp -- anywhere anywhere udp dpt:630
DROP tcp -- anywhere anywhere tcp dpt:http
DROP udp -- anywhere anywhere udp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:https
DROP udp -- anywhere anywhere udp dpt:https
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:bootpc
DROP udp -- anywhere anywhere udp dpt:bootpc
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:https
DROP udp -- anywhere anywhere udp dpt:https
DROP tcp -- anywhere anywhere tcp dpt:https
DROP udp -- anywhere anywhere udp dpt:https
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP udp -- anywhere anywhere udp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:5353
DROP udp -- anywhere anywhere udp dpt:5353
Chain LSI (73 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain NR (1 references)
target prot opt source destination
LSI all -- 0.0.0.0/8 211.44.200.0/24
LSI all -- 1.0.0.0/8 211.44.200.0/24
LSI all -- 2.0.0.0/8 211.44.200.0/24
LSI all -- 5.0.0.0/8 211.44.200.0/24
LSI all -- 7.0.0.0/8 211.44.200.0/24
LSI all -- 10.0.0.0/8 211.44.200.0/24
LSI all -- 23.0.0.0/8 211.44.200.0/24
LSI all -- 27.0.0.0/8 211.44.200.0/24
LSI all -- 31.0.0.0/8 211.44.200.0/24
LSI all -- 36.0.0.0/8 211.44.200.0/24
LSI all -- 37.0.0.0/8 211.44.200.0/24
LSI all -- 39.0.0.0/8 211.44.200.0/24
LSI all -- 42.0.0.0/8 211.44.200.0/24
LSI all -- 49.0.0.0/8 211.44.200.0/24
LSI all -- 50.0.0.0/8 211.44.200.0/24
LSI all -- 77.0.0.0/8 211.44.200.0/24
LSI all -- 78.0.0.0/8 211.44.200.0/24
LSI all -- 79.0.0.0/8 211.44.200.0/24
LSI all -- 92.0.0.0/8 211.44.200.0/24
LSI all -- 93.0.0.0/8 211.44.200.0/24
LSI all -- 94.0.0.0/8 211.44.200.0/24
LSI all -- 95.0.0.0/8 211.44.200.0/24
LSI all -- 96.0.0.0/8 211.44.200.0/24
LSI all -- 97.0.0.0/8 211.44.200.0/24
LSI all -- 98.0.0.0/8 211.44.200.0/24
LSI all -- 99.0.0.0/8 211.44.200.0/24
LSI all -- 100.0.0.0/8 211.44.200.0/24
LSI all -- 101.0.0.0/8 211.44.200.0/24
LSI all -- 102.0.0.0/8 211.44.200.0/24
LSI all -- 103.0.0.0/8 211.44.200.0/24
LSI all -- 104.0.0.0/8 211.44.200.0/24
LSI all -- 105.0.0.0/8 211.44.200.0/24
LSI all -- 106.0.0.0/8 211.44.200.0/24
LSI all -- 107.0.0.0/8 211.44.200.0/24
LSI all -- 108.0.0.0/8 211.44.200.0/24
LSI all -- 109.0.0.0/8 211.44.200.0/24
LSI all -- 110.0.0.0/8 211.44.200.0/24
LSI all -- 111.0.0.0/8 211.44.200.0/24
LSI all -- 112.0.0.0/8 211.44.200.0/24
LSI all -- 113.0.0.0/8 211.44.200.0/24
LSI all -- 114.0.0.0/8 211.44.200.0/24
LSI all -- 115.0.0.0/8 211.44.200.0/24
LSI all -- 116.0.0.0/8 211.44.200.0/24
LSI all -- 117.0.0.0/8 211.44.200.0/24
LSI all -- 118.0.0.0/8 211.44.200.0/24
LSI all -- 119.0.0.0/8 211.44.200.0/24
LSI all -- 120.0.0.0/8 211.44.200.0/24
LSI all -- 127.0.0.0/8 211.44.200.0/24
LSI all -- 169.254.0.0/16 211.44.200.0/24
LSI all -- 172.16.0.0/12 211.44.200.0/24
LSI all -- 173.0.0.0/8 211.44.200.0/24
LSI all -- 174.0.0.0/8 211.44.200.0/24
LSI all -- 175.0.0.0/8 211.44.200.0/24
LSI all -- 176.0.0.0/8 211.44.200.0/24
LSI all -- 177.0.0.0/8 211.44.200.0/24
LSI all -- 178.0.0.0/8 211.44.200.0/24
LSI all -- 179.0.0.0/8 211.44.200.0/24
LSI all -- 180.0.0.0/8 211.44.200.0/24
LSI all -- 181.0.0.0/8 211.44.200.0/24
LSI all -- 182.0.0.0/8 211.44.200.0/24
LSI all -- 183.0.0.0/8 211.44.200.0/24
LSI all -- 184.0.0.0/8 211.44.200.0/24
LSI all -- 185.0.0.0/8 211.44.200.0/24
LSI all -- 186.0.0.0/8 211.44.200.0/24
LSI all -- 187.0.0.0/8 211.44.200.0/24
LSI all -- 192.0.2.0/24 211.44.200.0/24
LSI all -- 192.168.0.0/16 211.44.200.0/24
LSI all -- 197.0.0.0/8 211.44.200.0/24
LSI all -- 198.18.0.0/15 211.44.200.0/24
LSI all -- 223.0.0.0/8 211.44.200.0/24
LSI all -- BASE-ADDRESS.MCAST.NET/3 211.44.200.0/24
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 211.44.200.170 qns1.hananet.net tcp dpt:domain
ACCEPT udp -- 211.44.200.170 qns1.hananet.net udp dpt:domain
ACCEPT tcp -- 211.44.200.170 qns2.hananet.net tcp dpt:domain
ACCEPT udp -- 211.44.200.170 qns2.hananet.net udp dpt:domain
ACCEPT tcp -- 211.44.200.170 qns3.hananet.net tcp dpt:domain
ACCEPT udp -- 211.44.200.170 qns3.hananet.net udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
I think I can say that I am not running Samba; I mean, I didn't start the program myself.
thanks again.
02-25-2006, 06:18 AM, #4
LQ Guru, Registered: Jul 2003, Location: Los Angeles, Distribution: Ubuntu, Posts: 9,870
i see... hmmm... well, those are indeed some overly complicated rules... could you please tell us what this box of yours is being used for?? i mean, is it basically just a PC used for web/email and stuff like that?? or are you running some kinda servers/daemons on it?? also, how many network interfaces does it have??
if you give us an idea of what you are using the computer for, we could provide you with some much simpler firewall rules... i suggest that you get rid of firestarter or any other GUI iptables programs - we can create an iptables shell script custom-tailored just for you... 
02-25-2006, 03:58 PM, #5
LQ Newbie (Original Poster), Registered: Feb 2006, Posts: 5
Yes, this computer is just for web browsing and emailing. I don't really do much downloading or anything else. I have the ethernet connection and a wireless connection, but I do not use the wifi connection; I might in the future, however, as this is a laptop.
I am not running anything on this computer except for a web browser, and occasionally a streaming audio file with Real Audio.
The reason I switched to Fedora Core 4 is because someone deleted my network drivers and changed the Windows reinstall key with some script or something. Anyway, I know that there are those out there trying to do the same to this computer setup and mess it up; in fact, I am 100% sure about this.
-T
02-26-2006, 04:20 AM, #6
LQ Guru, Registered: Jul 2003, Location: Los Angeles, Distribution: Ubuntu, Posts: 9,870
okay, first thing is to flush all your chains and delete all your rules... once everything is clear we will proceed to add some new, much simpler rules... this script i've written for you will do exactly that...
it clears everything, and then sets your INPUT policy to DROP, with the only rules for INPUT being a rule for packets of an ESTABLISHED or RELATED state and for packets from the loopback interface... this means no connections will be allowed to be started to your computer FROM the outside world...
as for the OUTPUT chain, its policy is set to ACCEPT in order to give you the most flexibility, so no OUTPUT rules are needed there...
so make sure you've eliminated any iptables GUI programs you might have had, and then execute this script (if you don't know how to execute a shell script, just ask me)... after executing this script you can check your new iptables configuration by doing another "iptables -L" and you will see how much simpler it is now...
Code:
#!/bin/sh
# Minimal stateful host firewall for a single-user desktop:
# flush everything the GUI tool left behind, then allow only
# replies to connections this box started, plus loopback traffic.
IPT="/sbin/iptables"

# Flush all rules (-F) and delete all user-defined chains (-X) in every table
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

# Default policies: nothing in, everything out, no forwarding between interfaces
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

# Accept packets that belong to (or are related to) connections we initiated
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept everything on the loopback interface (local programs talking to each other)
$IPT -A INPUT -i lo -j ACCEPT
after running the script, check your connection and stuff by opening your browser and doing some surfing or logging on to MSN or whatever you want... once you are sure everything is fine you can proceed to save your new iptables setup (as root)... now even upon reboot your new iptables rules should remain in effect (check that please)...
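The post above says to verify the result with another `iptables -L`. One caveat before doing that: `iptables -L` without `-v` omits the interface column, so the `-i lo` rule prints as `ACCEPT all -- anywhere anywhere`, which looks identical to a rule that would accept everything from everyone. `iptables -L -v -n` or `iptables-save` shows the `-i lo`. The Python script below is an added example, not code from this thread or from Firestarter: it parses an `iptables-save` dump and checks the three properties the post describes (INPUT and FORWARD default to DROP, a stateful ESTABLISHED,RELATED accept exists, and every other ACCEPT in INPUT is scoped to an interface or a source). Both dumps and all function names are constructed for the example; the second dump is a deliberately broken variant whose INPUT chain a bare `iptables -L` would display exactly like the good one.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: what `iptables-save` prints after running the script in
# this post (filter table only). Not captured from the poster's machine.
GOOD_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""

# Constructed sample of the mistake a bare `iptables -L` hides: the catch-all
# ACCEPT has no interface match, so the INPUT DROP policy never fires.
BAD_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(r"^-A (\S+)(.*)$")
POLICY_RE = re.compile(r"^:(\S+) (\S+) \[\d+:\d+\]$")


@dataclass
class Ruleset:
    policies: dict = field(default_factory=dict)   # chain name -> default policy
    rules: list = field(default_factory=list)      # (chain name, match/target string)


def parse_filter_table(dump: str) -> Ruleset:
    """Parse only the *filter table of an iptables-save dump."""
    rs = Ruleset()
    in_filter = False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter or not line or line == "COMMIT":
            continue
        m = POLICY_RE.match(line)
        if m:
            rs.policies[m.group(1)] = m.group(2)
            continue
        m = RULE_RE.match(line)
        if m:
            rs.rules.append((m.group(1), m.group(2).strip()))
    return rs


def audit_input_chain(dump: str) -> list:
    """Return a list of findings; an empty list means the ruleset is a 'stealth' setup."""
    rs = parse_filter_table(dump)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        if rs.policies.get(chain) != "DROP":
            findings.append(f"{chain} policy is {rs.policies.get(chain)}, expected DROP")
    has_stateful = False
    for chain, match in rs.rules:
        if chain != "INPUT" or "-j ACCEPT" not in match:
            continue
        if "--state" in match and "ESTABLISHED" in match:
            has_stateful = True
            continue
        # An ACCEPT bound to an interface (-i) or source (-s) is a scoped exception;
        # one with neither lets the whole Internet past the DROP policy.
        if "-i " in match or "-s " in match:
            continue
        findings.append(f"unscoped ACCEPT in INPUT: '-A INPUT {match}'")
    if not has_stateful:
        findings.append("no ESTABLISHED,RELATED accept in INPUT; replies to your own connections will be dropped")
    return findings


if __name__ == "__main__":
    for name, dump in (("good", GOOD_DUMP), ("bad", BAD_DUMP)):
        print(name, audit_input_chain(dump) or ["OK"])
```

To check a live box, feed the real dump instead of the constructed one: `iptables-save | python3 -c 'import sys, audit; print(audit.audit_input_chain(sys.stdin.read()))'` (with the block saved as audit.py); an empty list is the result you want to see after running the script from this post.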
02-26-2006, 04:30 AM, #7
LQ Guru, Registered: Jul 2003, Location: Los Angeles, Distribution: Ubuntu, Posts: 9,870
oh, and once you are done setting iptables, post your relevant kernel parameter settings so we could tell you if there's some you should tweak... all you need to do is post the output of this command:
Code:
sysctl -a | grep ipv4
02-26-2006, 05:16 AM, #8
LQ Newbie (Original Poster), Registered: Feb 2006, Posts: 5
OK, so I figured out how to execute a script... and this is what I came up with...
net.ipv4.ip_conntrack_max = 32744
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_loose = 3
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_buckets = 4093
net.ipv4.netfilter.ip_conntrack_count = 15
net.ipv4.netfilter.ip_conntrack_max = 32744
net.ipv4.conf.eth0.force_igmp_version = 0
net.ipv4.conf.eth0.disable_policy = 0
net.ipv4.conf.eth0.disable_xfrm = 0
net.ipv4.conf.eth0.arp_ignore = 0
net.ipv4.conf.eth0.arp_announce = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.tag = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.bootp_relay = 0
net.ipv4.conf.eth0.medium_id = 0
net.ipv4.conf.eth0.proxy_arp = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.shared_media = 1
net.ipv4.conf.eth0.secure_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.accept_source_route = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.accept_redirects = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
net.ipv4.neigh.eth0.retrans_time_ms = 1000
net.ipv4.neigh.eth0.locktime = 99
net.ipv4.neigh.eth0.proxy_delay = 79
net.ipv4.neigh.eth0.anycast_delay = 99
net.ipv4.neigh.eth0.proxy_qlen = 64
net.ipv4.neigh.eth0.unres_qlen = 3
net.ipv4.neigh.eth0.gc_stale_time = 60
net.ipv4.neigh.eth0.delay_first_probe_time = 5
net.ipv4.neigh.eth0.base_reachable_time = 30
net.ipv4.neigh.eth0.retrans_time = 99
net.ipv4.neigh.eth0.app_solicit = 0
net.ipv4.neigh.eth0.ucast_solicit = 3
net.ipv4.neigh.eth0.mcast_solicit = 3
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.locktime = 99
net.ipv4.neigh.lo.proxy_delay = 79
net.ipv4.neigh.lo.anycast_delay = 99
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.unres_qlen = 3
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.retrans_time = 99
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.locktime = 99
net.ipv4.neigh.default.proxy_delay = 79
net.ipv4.neigh.default.anycast_delay = 99
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.unres_qlen = 3
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.retrans_time = 99
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.tcp_bic_beta = 819
net.ipv4.tcp_tso_win_divisor = 8
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_bic_low_window = 14
net.ipv4.tcp_bic_fast_convergence = 1
net.ipv4.tcp_bic = 1
net.ipv4.tcp_vegas_gamma = 2
net.ipv4.tcp_vegas_beta = 6
net.ipv4.tcp_vegas_alpha = 2
net.ipv4.tcp_vegas_cong_avoid = 0
net.ipv4.tcp_westwood = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_frto = 0
net.ipv4.tcp_tw_reuse = 0
net.ipv4.icmp_ratemask = 6168
net.ipv4.icmp_ratelimit = 1000
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_wmem = 4096 16384 131072
net.ipv4.tcp_mem = 196608 262144 393216
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_fack = 1
net.ipv4.tcp_orphan_retries = 0
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_maxttl = 600
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_threshold = 65664
net.ipv4.igmp_max_msf = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.route.secret_interval = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.mtu_expires = 600
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.error_burst = 5000
net.ipv4.route.error_cost = 1000
net.ipv4.route.redirect_silence = 20480
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 20
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.max_size = 16384
net.ipv4.route.gc_thresh = 1024
net.ipv4.route.max_delay = 10
net.ipv4.route.min_delay = 2
net.ipv4.icmp_ignore_bogus_error_responses = 0
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.ipfrag_time = 30
net.ipv4.ip_dynaddr = 0
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_autoconfig = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_forward = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
Last edited by politricks; 03-01-2006 at 06:18 AM.
03-02-2006, 09:05 AM, #9
LQ Newbie (Original Poster), Registered: Feb 2006, Posts: 5
I still don't know if this works. This is what ip6tables -L comes up with:
Chain FORWARD (policy DROP)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all anywhere anywhere
and this is what iptables -L comes up with:
Chain FORWARD (policy DROP)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
after I run the script and save it in iptables. I am fairly sure that the "people" still have access to my comp. Any suggestions would really help me with stopping this snooping. I live in an Asian country where information about computer use is used to such a degree.
Thanks
T
03-02-2006, 09:38 AM, #10
LQ Guru, Registered: Jul 2003, Location: Los Angeles, Distribution: Ubuntu, Posts: 9,870
Quote:
Originally Posted by politricks
Chain FORWARD (policy DROP)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
after I run the script and save it in iptables. I am fairly sure that the "people" still have access to my comp. Any suggestions would really help me with stopping this snooping. I live in an Asian country where information about computer use is used to such a degree.
your iptables setup looks good now... it's a basic stealth firewall setup... if you still suspect people are connecting to your box and snooping on you then it's not going to be something iptables-related... it could be that you've been rooted or perhaps it's a psychological thing... to check for a rootkit you might wanna try: http://www.rootkit.nl/ ...for the psychological aspect, perhaps a re-install from brand new (and checksummed) CDs would be in order, patching all your software and setting up your firewall like this BEFORE connecting the box to the network...
if you are worried about government people snooping on your traffic, then a firewall will have nothing to do with that... you'd need to establish a secure connection to another location, and then use that "secure tunnel" for all your connections... i will not say more about that issue because here at LQ we do not encourage illegal activity and bypassing your country's monitors/filters by using VPN or Stunnel and stuff like that will most likely be considered illegal activity...
now, as for your sysctl setup... here's some changes i think you should make after having given your "sysctl -a" output a quick glance... to make these changes you need to edit your /etc/sysctl.conf file:
you definitely wanna change that 1 to a 0...
Quote:
net.ipv4.conf.default.send_redirects = 1
you probably wanna change that 1 to a 0...
you might wanna change that 0 to a 1 and read this...
Quote:
net.ipv4.tcp_syncookies = 1
you wanna change that 1 to a 0 cuz you aren't accepting any incoming connections so you don't need these cookies...
just my 2 cents...
Last edited by win32sux; 03-02-2006 at 09:41 AM.
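The post above names the sysctl keys to flip but leaves the reader to hunt for each one in a dump of a couple of hundred lines. As an added example, not code from this thread, the Python below parses `sysctl -a` output, compares it against a small hardening baseline for a single-homed desktop that routes nothing, and prints the lines to append to /etc/sysctl.conf. The baseline values are the editor's assumptions (common guidance, not settings the thread prescribes), and the sample input is a constructed subset that copies values from the output posted earlier in this thread. It differs from the post in one place: it keeps `tcp_syncookies = 1`, since the setting is inert on a host with no listeners and protects any service added later. It also flags `net.ipv4.conf.all.rp_filter = 0`: on the 2.6 kernels of that era source validation only runs when both the `conf.all` and the per-interface value are 1, so the posted `eth0 = 1` does nothing on its own.

```python
import re

# Constructed sample: a subset of the `sysctl -a | grep ipv4` output posted
# earlier in this thread (values copied from there), enough to exercise the checker.
POSTED_SYSCTL = """\
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.conf.eth0.accept_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.ip_forward = 1
"""

# Hardening baseline for a single-homed desktop that routes nothing.
# These target values are the editor's assumptions, not settings from the thread.
DESKTOP_BASELINE = {
    "net.ipv4.ip_forward": "0",                      # this box is not a router
    "net.ipv4.conf.all.send_redirects": "0",         # only routers should send ICMP redirects
    "net.ipv4.conf.default.send_redirects": "0",
    "net.ipv4.conf.all.accept_redirects": "0",       # don't let peers rewrite your routes
    "net.ipv4.conf.default.accept_redirects": "0",
    # On 2.6 kernels of this era rp_filter is only active when BOTH conf.all and
    # the per-interface value are 1, so the posted eth0 = 1 is inert while all = 0.
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.log_martians": "1",           # log packets with impossible sources
    "net.ipv4.conf.default.log_martians": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.default.accept_source_route": "0",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",     # don't take part in smurf amplification
    "net.ipv4.tcp_syncookies": "1",                  # harmless with no listeners, useful later
}

LINE_RE = re.compile(r"^\s*([\w.\-]+)\s*=\s*(.*?)\s*$")


def parse_sysctl(output: str) -> dict:
    """Turn `sysctl -a` text into {key: value-string}; multi-value keys keep their spaces."""
    settings = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def check_sysctl(output: str, baseline: dict) -> list:
    """Return [(key, current_or_None, wanted)] for every baseline key that deviates."""
    current = parse_sysctl(output)
    deviations = []
    for key, wanted in baseline.items():
        have = current.get(key)          # None when the kernel does not expose the key
        if have != wanted:
            deviations.append((key, have, wanted))
    return deviations


def render_sysctl_conf(deviations: list) -> str:
    """Lines to append to /etc/sysctl.conf (activated with `sysctl -p`)."""
    return "\n".join(f"{key} = {wanted}" for key, _have, wanted in deviations)


if __name__ == "__main__":
    devs = check_sysctl(POSTED_SYSCTL, DESKTOP_BASELINE)
    for key, have, wanted in devs:
        print(f"{key}: is {have!r}, want {wanted}")
    print("--- /etc/sysctl.conf additions ---")
    print(render_sysctl_conf(devs))
```

On a real machine, replace POSTED_SYSCTL with `sys.stdin.read()` and run `sysctl -a | python3 check_sysctl.py`; append the printed lines to /etc/sysctl.conf, run `sysctl -p`, and a second pass of the checker should report no deviations.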