
Re: Stealth Firewall...

connection refused means there is no firewall there on that
port/protocol.  a properly firewalled port will time out when a connection
is attempted. as for IGMP i don't think that is even enabled in the kernel
is it ?? thought only tcp/udp and icmp by default.  firewalling icmp was
for me, kinda complicated, as there are many types of icmp. i ended up
blocking icmp type 8, which appears to block pings, but allow
traceroutes. some sample rules from my configuration (linux 2.0, ipfwadm)

#caught portscanning on 9-11-99
/sbin/ipfwadm -Ia deny -P all -S -D
/sbin/ipfwadm -Ia deny -P all -S -D
#caught portscanning on 9-12-99
/sbin/ipfwadm -Ia deny -P all -S -D
/sbin/ipfwadm -I -P icmp -a reject -S 8
# lots of connections to DNS 9-26-99
/sbin/ipfwadm -Ia deny -P all -S -D
/sbin/ipfwadm -Ia deny -P all -S -D

you could block everyone on all supported protocols (with the -P all
flag) and allow each ip/protocol .. would be a lot of work i think but it'd
be possible (depending on what you want to be allowed in)

i also got telnet firewalled

/sbin/ipfwadm -Ia deny -P tcp -S -D 23     

if you telnet to me, it will time out (my ip is  if it
doesn't i will shit my pants, either that or you're coming from inside my
subnets :)


----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--

On Tue, 26 Oct 1999, Onno wrote:

> How can I equip my firewall with -STEALTH- capabilities?
> I know that TCP and UDP connections are done by
> specific network daemons or that inetd will startup
> the necessary network daemon. I'm also familiar
> with tcpd within inetd.
> But how can I get my Firewall (potato) to act
> like there is no computer, i.e. does not
> report to the outside:
> $ telnet my_firewall
> Trying
> telnet: Unable to connect to remote host: Connection refused
> $ _
> but:
> $ telnet my_firewall
> Trying
> And just trying, so that there is NO EVIDENCE WHATSOEVER
> that a port (or even any computer) exists at this IP address !!!
> I want control over all the protocols: TCP, UDP, ICMP and IGMP.
> For example:
> - how can I disable the inetd "Connection refused" stuff (TCP/UDP) ?
> - how can I disable ping (ICMP) ?
> - etc.
> Some elaborated info on the topic would be appreciated!
> Thanks,
> Onno
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
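As an added example, not code from either post and not part of ipfwadm or iptables themselves: a small Python converter that parses ipfwadm input rules of the shape aphro shows above, renders the equivalent iptables command, and states what the probing host observes for each policy, which is the distinction Onno asks about (a "deny" rule drops silently and the probe times out; a "reject" rule answers with an ICMP unreachable and so confirms a host is there). The addresses are constructed RFC 5737 values, because the post's own addresses were stripped from the archive, and the ipfwadm flag semantics assumed are listed in the docstring.

```python
"""
Added example (not code from the post): translate ipfwadm input rules of
the kind shown in the thread into iptables syntax and report what a
remote probe observes for each policy.

ipfwadm flags assumed here (Linux 2.0 syntax):
  -I / -O / -F        input / output / forwarding rule set
  -a <policy>         append a rule with policy accept | deny | reject
  -P <proto>          tcp | udp | icmp | all
  -S <addr> [port]    source; for icmp the "port" position holds the ICMP type
  -D <addr> [port]    destination
Addresses in SAMPLE_RULES are constructed documentation addresses.
"""
import shlex

CHAINS = {"I": "INPUT", "O": "OUTPUT", "F": "FORWARD"}

# ipfwadm policy -> iptables target, and what the sender of a probe sees.
# "deny" drops silently; "reject" answers with an ICMP unreachable, which
# proves a host is present even though the port is closed to the sender.
POLICIES = {
    "accept": ("ACCEPT", "packet delivered; a closed port still answers with RST/unreachable"),
    "deny":   ("DROP",   "no reply at all; the probe times out"),
    "reject": ("REJECT", "ICMP unreachable returned; host existence is revealed"),
}

ICMP_TYPES = {"0": "echo-reply", "3": "destination-unreachable",
              "8": "echo-request", "11": "time-exceeded"}


def parse_ipfwadm(line):
    """Parse one ipfwadm command line into a rule dict."""
    toks = shlex.split(line)
    if toks and toks[0].endswith("ipfwadm"):
        toks = toks[1:]
    rule = {"chain": None, "policy": None, "proto": "all",
            "src": None, "dst": None, "src_ports": [], "dst_ports": []}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if not tok.startswith("-") or len(tok) < 2:
            raise ValueError(f"unexpected token {tok!r}")
        for flag in tok[1:]:            # handles combined flags such as -Ia
            if flag in CHAINS:
                rule["chain"] = CHAINS[flag]
            elif flag == "a":
                i += 1
                rule["policy"] = toks[i].lower()
            elif flag == "P":
                i += 1
                rule["proto"] = toks[i].lower()
            elif flag in ("S", "D"):
                i += 1
                key = "src" if flag == "S" else "dst"
                rule[key] = toks[i]
                # following non-flag tokens are ports (or the ICMP type)
                while i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                    i += 1
                    rule[key + "_ports"].append(toks[i])
            else:
                raise ValueError(f"unsupported ipfwadm flag -{flag}")
        i += 1
    if rule["chain"] is None or rule["policy"] not in POLICIES:
        raise ValueError("rule needs a chain (-I/-O/-F) and -a accept|deny|reject")
    if rule["proto"] == "all" and (rule["src_ports"] or rule["dst_ports"]):
        raise ValueError("ports are only accepted here with -P tcp|udp|icmp")
    return rule


def to_iptables(rule):
    """Render a parsed rule as an equivalent iptables command."""
    parts = ["iptables", "-A", rule["chain"]]
    if rule["proto"] != "all":
        parts += ["-p", rule["proto"]]
    if rule["src"]:
        parts += ["-s", rule["src"]]
    if rule["dst"]:
        parts += ["-d", rule["dst"]]
    if rule["proto"] == "icmp":
        # ipfwadm carries the ICMP type in the source "port" position
        if rule["src_ports"]:
            t = rule["src_ports"][0]
            parts += ["--icmp-type", ICMP_TYPES.get(t, t)]
    else:
        for key, opt in (("src_ports", "--sport"), ("dst_ports", "--dport")):
            if len(rule[key]) > 1:
                raise ValueError(f"{opt}: several ports need -m multiport")
            if rule[key]:
                parts += [opt, rule[key][0]]
    parts += ["-j", POLICIES[rule["policy"]][0]]
    return " ".join(parts)


def convert(line):
    """Return (iptables command, what a remote probe observes)."""
    rule = parse_ipfwadm(line)
    return to_iptables(rule), POLICIES[rule["policy"]][1]


# Constructed sample rules mirroring the shapes used in the post.
SAMPLE_RULES = [
    "/sbin/ipfwadm -Ia deny -P all -S 192.0.2.10 -D 198.51.100.1",
    "/sbin/ipfwadm -I -P icmp -a reject -S 0.0.0.0/0 8",
    "/sbin/ipfwadm -Ia deny -P tcp -S 0.0.0.0/0 -D 198.51.100.1 23",
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        cmd, seen = convert(r)
        print(f"{r}\n  -> {cmd}\n     probe sees: {seen}")
```

The converter deliberately refuses rules that would need `-m multiport` rather than silently emitting a command iptables would reject. Note that the post's type-8 rule uses `reject`: it stops ping replies, but the ICMP unreachable sent back still tells the sender that a host is present, so a `deny` (DROP) rule is the one that matches the "no evidence whatsoever" goal.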
