
Re: Stealth Firewall...



connection refused means there is no firewall there on that
port/protocol.  a properly firewalled port will time out when a connection
is attempted. as for IGMP i don't think that is even enabled in the kernel
is it ?? thought only tcp/udp and icmp by default.  firewalling icmp was
for me, kinda complicated, as there are many types of icmp. i ended up
blocking icmp type 8, which appears to block pings, but allow
traceroutes. some sample rules from my configuration (linux 2.0, ipfwadm)

#caught portscanning on 9-11-99
/sbin/ipfwadm -Ia deny -P all -S 131.123.46.150 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.251.178.30 -D 0.0.0.0/0
#caught portscanning on 9-12-99
/sbin/ipfwadm -Ia deny -P all -S 207.108.153.229 -D 0.0.0.0/0
# reject ICMP type 8 (echo request) from anywhere: blocks ping, traceroute still works
/sbin/ipfwadm -I -P icmp -a reject -S 0.0.0.0/0 8
# lots of connections to DNS 9-26-99
/sbin/ipfwadm -Ia deny -P all -S 216.32.68.11 -D 0.0.0.0/0
/sbin/ipfwadm -Ia deny -P all -S 209.67.78.202 -D 0.0.0.0/0

you could block everyone on all supported protocols (with the -P all
flag) and allow each ip/protocol... would be a lot of work i think but it'd
be possible (depending on what u want to be allowed in)

i also got telnet firewalled

/sbin/ipfwadm -Ia deny -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 23

if you telnet to me, it will time out (my ip is 208.222.179.31). if it
doesn't i will shit my pants, either that or you're coming from inside my
subnets :)

nate



----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--

On Tue, 26 Oct 1999, Onno wrote:

> How can I equip my firewall with -STEALTH- capabilities?
> 
> I know that TCP and UDP connections are done by
> specific network daemons or that inetd will startup
> the necessary network daemon. I'm also familiar
> with tcpd within inetd.
> 
> But how can I get my Firewall (potato) to act
> like there is no computer, i.e. does not
> report to the outside:
> 
> $ telnet my_firewall
> Trying 1.2.3.4...
> telnet: Unable to connect to remote host: Connection refused
> $ _
> 
> but:
> 
> $ telnet my_firewall
> Trying 1.2.3.4...
> 
> And just trying, so that there is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP address !!!
> 
> I want control over all the protocols: TCP, UDP, ICMP and IGMP.
> For example:
> - how can I disable the inetd "Connection refused" stuff (TCP/UDP) ?
> - how can I disable ping (ICMP) ?
> - etc.
> 
> Some elaborated info on the topic would be appreciated!
> 
> Thanks,
> 
> Onno
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> 
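An added example, not from nate's or Onno's post: a small self-check that tells the three outcomes apart that the thread is about. A port with nothing listening (or a "reject" rule) answers with a reset and the connect fails with "connection refused"; a port behind a silent "deny" rule never answers and the connect times out; an ICMP unreachable from a router in between shows up as a separate "unreachable" state. The host, ports and timeout are assumptions; the demo runs against the loopback interface only.

```python
import socket

def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP connect attempt to host:port.

    'open'        -> handshake completed, something is listening
    'closed'      -> RST came back ("Connection refused"): nothing filters it
    'filtered'    -> no answer within the timeout: packets are being dropped,
                     which is the "stealth" behaviour asked about in the thread
    'unreachable' -> an ICMP error (no route / host unreachable) came back,
                     so some router or host did answer on your behalf
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "filtered"
        except OSError:
            return "unreachable"
        return "open"

def stealth_check(host: str, ports, timeout: float = 3.0):
    """Probe several ports; return the per-port states and the list of ports
    that gave away the host's existence (anything other than a timeout)."""
    states = {p: probe_tcp(host, p, timeout) for p in ports}
    leaking = sorted(p for p, st in states.items() if st != "filtered")
    return states, leaking

def demo_localhost() -> tuple:
    """Constructed demo: open a listener on an ephemeral loopback port, probe
    it (open), close it, probe again (closed / connection refused)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, 1.0)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port, 1.0)
    return while_open, after_close

if __name__ == "__main__":
    print(demo_localhost())               # expect ('open', 'closed')
```

Run it from a machine outside your own subnet against your firewall's address, as nate suggests with telnet; every port that does not come back "filtered" is one the outside can still see.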