Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I've a security question. Well, I consider myself an average Linux user, but my weakest point (besides getting the fans in my computers to spin) is security. I don't understand that much about security, even though I read some books about the subject...
Well, when going to http://www.testmyfirewall.com/, I got quite surprised that they could actually see my Internal IP address.... How bad is that? I have a little firewall/switch with DHCP server. It's this one I have:
I've tweaked this router's settings to enable the firewall. However, testmyfirewall.com is still able to see my Internal IP number (not the external one, provided by my ISP; that's what is disturbing).
Question: How bad is it in the real world? Ports I've open in my router/firewall are for P2P such as emule and bittorrent.
Question2: I often plan to use Linux as a router. I always thought that to be a bit of work, to turn on one computer just to use another one.
Here you can create an IPTables firewall to use as a starting point. The firewall generated will be comprehensive. Then you can start opening ports.
Also, I would shy away from using an online service to test my firewall. Instead, I would use a copy of Nessus.... just make sure you use it from outside your firewall. Connect to a friend's network and test from there.
Use the test at grc.com; it's a lot more straightforward, although still as alarmist as other sites.
Most of these kinds of sites are just trying to sell you a firewall or some other "security solution" and you should take their findings with a pinch of salt. Does it really matter if someone can see your IP? No, not really. Does it matter if someone can tell a port is closed instead of "Stealthed"? Well no, not really, so what? The port is closed and that's what matters.
Not a problem. I remember when I first started having problems with IPTables. I found that once I had a basic firewall, I could tinker with it from there. If you have any problems, let me know.
Originally posted by win32sux: but still, how is it that one can see a private IP address from outside of a NAT router???
It isn't really possible without first compromising the host behind the router. The only reason his internal IP is showing is because his web browser is set to run with scripts enabled. In other words, it is just a browser trick.
Try running the test with JavaScript disabled and see for yourself.
Originally posted by ror: Does it matter if someone can tell a port is closed instead of "Stealthed"
Well, in a way yes.
If a port is closed it will respond as such, giving away that there is a machine online with that address. If a port is stealth it will not respond (reply) with anything. So the attacker will likely move on to a machine which is actually known to be 'alive'.
Originally posted by soulstace: The only reason his internal IP is showing is because his web browser is set to run with scripts enabled. In other words, it is just a browser trick.
Originally posted by ror: so what if someone knows there's a machine at my address online? If my ports are closed there's nothing they can do anyway.
If your machine is known to be online then that quite clearly makes it a possible point of attack. My point is that closed ports are not as safe, nor will they ever be as safe as stealthed ports. A stealthed port wouldn't respond to a connection even if there was a service listening on it.
You could easily do the same thing using the REJECT target and have the port with a service running appear as closed also...
In fact having a port 'stealthed' isn't really any more 'safe' than having it 'closed'. The only difference is that A) you can identify whether the system is up and B) it can be useful for OS fingerprinting. The only things that make a given port safe are whether a remote host can actually interact with a daemon and whether that daemon is vulnerable to exploitation.
A closed port is easy to open. Simply start a service listening on a port. A stealth port is safer because even if a rootkit or trojan happens to be downloaded and installed it is still not allowed thru the firewall.