Re: Stealth Firewall...
connection refused means there is no firewall there on that
port/protocol. a properly firewalled port will time out when a connection
is attempted. as for IGMP, I don't think that is even enabled in the kernel,
is it?? I thought only tcp/udp and icmp by default. firewalling icmp was,
for me, kinda complicated, as there are many types of icmp. I ended up
blocking icmp type 8, which appears to block pings but allow
traceroutes. some sample rules from my configuration (Linux 2.0, ipfwadm):
#caught portscanning on 9-11-99
/sbin/ipfwadm -Ia deny -P all -S 131.123.46.150 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.251.178.30 -D 0.0.0.0/0
#caught portscanning on 9-12-99
/sbin/ipfwadm -Ia deny -P all -S 207.108.153.229 -D 0.0.0.0/0
/sbin/ipfwadm -I -P icmp -a reject -S 0.0.0.0/0 8
# lots of connections to DNS 9-26-99
/sbin/ipfwadm -Ia deny -P all -S 216.32.68.11 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.67.78.202 -D 0.0.0.0/0
you could block everyone on all supported protocols (with the -P all
flag) and allow each ip/protocol... would be a lot of work I think, but it'd
be possible (depending on what you want to be allowed in).
I also got telnet firewalled:
/sbin/ipfwadm -Ia deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 23
if you telnet to me, it will time out (my IP is 208.222.179.31). if it
doesn't, I will shit my pants, either that or you're coming from inside my
subnets :)
nate
----------------------------------------[mailto:aphro@aphroland.org ]--
Vice President Network Operations http://www.firetrail.com/
Firetrail Internet Services Limited http://www.aphroland.org/
Everett, WA 425-348-7336 http://www.linuxpowered.net/
Powered By: http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMP http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--
On Tue, 26 Oct 1999, Onno wrote:
> How can I equip my firewall with -STEALTH- capabilities?
>
> I know that TCP and UDP connections are done by
> specific network daemons or that inetd will start up
> the necessary network daemon. I'm also familiar
> with tcpd within inetd.
>
> But how can I get my Firewall (potato) to act
> like there is no computer, i.e. does not
> report to the outside:
>
> $ telnet my_firewall
> Trying 1.2.3.4...
> telnet: Unable to connect to remote host: Connection refused
> $ _
>
> but:
>
> $ telnet my_firewall
> Trying 1.2.3.4...
>
> And just trying, so that there is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP address !!!
>
> I want control over all the protocols: TCP, UDP, ICMP and IGMP.
> For example:
> - how can I disable the inetd "Connection refused" stuff (TCP/UDP)?
> - how can I disable ping (ICMP)?
> - etc.
>
> Some elaborated info on the topic would be appreciated!
>
> Thanks,
>
> Onno
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
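The distinction Nate draws (deny drops silently and the prober times out; reject or an unfiltered closed port answers and reveals a host) can be checked against a rule set before it goes live. The following is an added example, not code from the thread or from the ipfwadm tool: a small Python evaluator that parses the ipfwadm rule lines quoted in the post (only the options the post uses), runs constructed sample packets through them with first-match semantics, and reports what the remote sender would observe. The LISTENING set and the TEST-NET addresses 192.0.2.10 and 198.51.100.7 are constructed assumptions; reject is modelled as ipfwadm's ICMP unreachable reply.

```python
"""Simulate what a remote prober sees for a set of ipfwadm input rules.

Added example, not from the mailing-list post. Rule lines are copied from
the post; packets, LISTENING and the 192.0.2.x / 198.51.100.x addresses
are constructed sample data.
"""
import ipaddress
import shlex
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule lines as they appear in the post (comments are skipped by load_rules).
RULES_TEXT = """
#caught portscanning on 9-11-99
/sbin/ipfwadm -Ia deny -P all -S 131.123.46.150 -D 0.0.0.0/0
/sbin/ipfwadm -I -P icmp -a reject -S 0.0.0.0/0 8
/sbin/ipfwadm -Ia deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 23
"""

LISTENING = {("tcp", 25)}   # constructed: the only service this host runs


@dataclass
class Rule:
    action: str                         # accept, deny (silent drop) or reject (drop + ICMP)
    proto: str                          # all, tcp, udp or icmp
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    src_ports: tuple = ()               # after -S; for icmp, ipfwadm reads these as types
    dst_ports: tuple = ()               # after -D; tcp/udp destination ports


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int = 0                      # tcp/udp destination port
    icmp_type: int = -1                 # icmp type, -1 for non-icmp


def parse_rule(line: str) -> Rule:
    """Parse one '/sbin/ipfwadm -I ...' line (only the options used in the post)."""
    argv = shlex.split(line)[1:]        # drop the program name
    rule = Rule(action="accept", proto="all")
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-I") and "a" in tok[2:]:   # '-Ia deny': input chain + append
            rule.action = argv[i + 1]; i += 2
        elif tok == "-a":
            rule.action = argv[i + 1]; i += 2
        elif tok == "-P":
            rule.proto = argv[i + 1]; i += 2
        elif tok in ("-S", "-D"):
            net = ipaddress.ip_network(argv[i + 1], strict=False)
            i += 2
            ports = []
            while i < len(argv) and not argv[i].startswith("-"):
                ports.append(int(argv[i])); i += 1   # trailing numbers are ports/types
            if tok == "-S":
                rule.src, rule.src_ports = net, tuple(ports)
            else:
                rule.dst, rule.dst_ports = net, tuple(ports)
        else:
            i += 1                      # bare '-I' and anything else: nothing to record
    return rule


def load_rules(text: str) -> list:
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("all", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src or ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if pkt.proto == "icmp":
        return not rule.src_ports or pkt.icmp_type in rule.src_ports
    return not rule.dst_ports or pkt.dport in rule.dst_ports


def decide(rules: list, pkt: Packet) -> str:
    """First matching rule wins; the input chain's default policy here is accept."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "accept"


def probe(rules: list, pkt: Packet) -> str:
    """What the sender observes: the whole 'stealth' question of the thread."""
    action = decide(rules, pkt)
    if action == "deny":
        return "timeout"                # silently dropped, nothing comes back
    if action == "reject":
        return "icmp-unreachable"       # dropped but answered: a filter is revealed
    if pkt.proto == "tcp":              # accepted: the kernel answers for the port
        return "connected" if ("tcp", pkt.dport) in LISTENING else "connection refused"
    return "delivered"


if __name__ == "__main__":
    rules = load_rules(RULES_TEXT)
    for p in (Packet("tcp", "198.51.100.7", "192.0.2.10", dport=23),
              Packet("tcp", "198.51.100.7", "192.0.2.10", dport=80),
              Packet("icmp", "198.51.100.7", "192.0.2.10", icmp_type=8)):
        print(p, "->", probe(rules, p))
```

Running the three sample packets shows the three outcomes the thread talks about: the telnet port times out (deny), an unfiltered closed port still answers "connection refused" and so proves a host is there, and the rejected ping comes back as an ICMP unreachable, which hides the service but not the filter. A blanket deny on the other ports would be what turns the second case into a timeout.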