Re: [expert] Bastille Part II (The answer)
I know something about networking but not enough to be dangerous yet. It looks like I'm going to have to spend a lot of time figuring out what all this ipchains coding means. I looked at the rules that were created by Bastille and it's far more complicated than what I could do manually. It's a good thing I'm not married and don't have any children.

At 10:58 PM 10/27/2001 -0600, Sergio Korlowsky wrote:
> the quickest way to protect your pc is with the following iptables chain:
>
>   /sbin/iptables -A INPUT -p tcp --syn -j DROP

Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Bastille Part II
Sergio Korlowsky wrote:
> Internet Protocols (UDP) connectionless
> Short for 'User Datagram Protocol', a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network
>
> sk

And DNS traffic, excepting zone transfers...

--
J. Craig Woods
UNIX/NT SA
-Art is the illusion of spontaneity-
Re: [expert] Bastille Part II
On Friday 26 October 2001 11:31 pm, you wrote:
> UDP is what I believe is called a connectionless protocol: data is sent without regard to whether previous data has been received intact. TCP, on the other hand, allows for packets to be re-requested if they are missing or corrupt. UDP is definitely used over the Internet.
>
> bascule
>
> On Saturday 27 October 2001 4:43 am, you wrote:
> > I went to sygatetech.com and ran their UDP scan and it shows most ports closed and a few open ports. Maybe I don't fully understand networking protocols but isn't UDP a protocol used on LANs only? If not, how do I put them into a stealth mode? The TCP ports all show blocked/stealth.

Internet Protocols (UDP) connectionless
Short for 'User Datagram Protocol', a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network
Re: [expert] Bastille Part II
At 06:37 PM 10/27/2001 -0600, Sergio Korlowsky wrote:
> Internet Protocols (UDP) connectionless
> Short for 'User Datagram Protocol', a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network

OK, so how can I use Bastille to block those ports from the outside/public side/internet side? I wish I had more time to learn how to manually do this.
Re: [expert] Bastille Part II (The answer)
On Saturday 27 October 2001 07:32 pm, you wrote:
> At 06:37 PM 10/27/2001 -0600, Sergio Korlowsky wrote:
> > Internet Protocols (UDP) connectionless
> > Short for 'User Datagram Protocol', a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network
>
> OK, so how can I use Bastille to block those ports from the outside/public side/internet side? I wish I had more time to learn how to manually do this.

Actually you can 'block' everything you want to block just using iptables; one simple 'chain' line can make you 'invisible' from outside. Then you can add the ports you want to open, or need to open. The best rule for a personal or desktop firewall is: if you aren't going to use it, don't open it.

The command to execute iptables is simple: as root, type iptables.

  /sbin/iptables
  iptables v1.2.1: no command specified
  Try `iptables -h' or 'iptables --help' for more information.

The quickest way to protect your PC is with the following iptables chain:

  /sbin/iptables -A INPUT -p tcp --syn -j DROP

The previous will allow you, as the user of the computer, to perform all your normal Internet activities. You will be able to browse the Web, ssh out, or chat with a friend on ICQ. On the other hand, the outside world, when trying to connect to your Linux box via TCP/IP, will simply be ignored. This is a reasonable and 'safe' solution for most Linux computers.

However, one of the benefits of Linux is its remote management capabilities. One of the more popular ways is SSH, which operates on port 22, so you need to enable port 22 while keeping the rest of the connections closed:

  /sbin/iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
  /sbin/iptables -A INPUT -p tcp --syn -j DROP

It is probably not a good idea to let the world connect to your machine on port 22. Therefore, you can limit which machines may connect to port 22 by adding the -s option:

  /sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.110/32 --destination-port 22 -j ACCEPT
  /sbin/iptables -A INPUT -p tcp --syn -j DROP

The -s 192.168.1.110/32 will enable only the remote machine with the IP address of 192.168.1.110 to connect to your protected host.

You may create an iptables-based firewall, but each line (chain) is read sequentially, so if you want to run a public Web server on port 80, this could be done with the following commands:

  /sbin/iptables -A INPUT -p tcp --syn -s 192.168.1.110/32 --destination-port 22 -j ACCEPT
  /sbin/iptables -A INPUT -p tcp --syn --destination-port 80 -j ACCEPT
  /sbin/iptables -A INPUT -p tcp --syn -j DROP

A few days ago, I read an article... can't recall where, by Joshua Drake, and he explains this in more detail.
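A point worth checking before relying on the rules in the reply above: `-p tcp --syn` matches only TCP packets with the SYN flag set, so those rules never see a UDP datagram or an ICMP probe at all. With the INPUT chain's default policy still ACCEPT, the UDP ports the original post asked about stay exactly as reachable as before, which is why a UDP scan keeps reporting them. The script below is an added example written for this thread, not code from the list, from Bastille, or from the article mentioned; it turns the same idea (SSH from one admin host, a public web server, everything else ignored) into a stateful default-deny ruleset that covers every protocol, emitted in iptables-restore format so it loads atomically rather than one -A at a time. The admin address 192.168.1.110/32 and the public port list are assumptions taken from the thread's examples and can be overridden in the environment.

```shell
#!/bin/sh
# Added example (not from the thread, Bastille, or the cited article):
# a stateful default-deny iptables ruleset in iptables-restore format.
#
# Assumptions, all mine rather than the original poster's:
#   ADMIN_HOST  the single address allowed to reach SSH (port 22)
#   PUBLIC_TCP  TCP ports the world may connect to (the thread's web server on 80)
# Override in the environment, e.g.:
#   ADMIN_HOST=10.0.0.5/32 PUBLIC_TCP="80 443" ./fw.sh apply
ADMIN_HOST="${ADMIN_HOST:-192.168.1.110/32}"
PUBLIC_TCP="${PUBLIC_TCP:-80}"

# Emit the ruleset on stdout.  A DROP policy on INPUT applies to every
# protocol, so UDP and ICMP probes are silently discarded ("stealth")
# just like TCP SYNs.  The ESTABLISHED,RELATED rule lets replies to our
# own outbound traffic (DNS answers, fetched web pages) back in through
# connection tracking, which is what a bare "--syn -j DROP" relied on
# the default ACCEPT policy for.  "-m state" is the 2001-era module
# name; current iptables still accepts it as an alias of
# "-m conntrack --ctstate".
rules() {
  printf '%s\n' \
    '*filter' \
    ':INPUT DROP [0:0]' \
    ':FORWARD DROP [0:0]' \
    ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -m state --state INVALID -j DROP' \
    '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
    "-A INPUT -p tcp --syn -s ${ADMIN_HOST} --dport 22 -j ACCEPT"
  for port in ${PUBLIC_TCP}; do
    printf '%s\n' "-A INPUT -p tcp --syn --dport ${port} -j ACCEPT"
  done
  # The explicit final DROP mirrors the thread's last rule; the chain
  # policy already drops, but a named rule gives you a packet counter.
  printf '%s\n' '-A INPUT -j DROP' 'COMMIT'
}

# Load the ruleset; needs root and the iptables-restore binary.
apply_rules() {
  rules | iptables-restore
}

# Number of rules that open a listening port to remote hosts.  Sanity
# check before applying: it should equal the services you meant to
# expose (SSH plus each PUBLIC_TCP port), and nothing more.
exposed_ports() {
  rules | grep -c -- '--dport .* -j ACCEPT'
}

case "${1:-print}" in
  apply) apply_rules ;;
  *)     rules ;;
esac
```

Run it with no arguments to review the ruleset, `./fw.sh apply` as root to load it, then `iptables -L INPUT -n -v` to confirm the counters move on the rules you expect. Re-running the UDP scan afterwards should show the previously open UDP ports as blocked, because the DROP policy now answers for them; if you would rather the scanner see "closed" than "filtered", change the final rule to `-j REJECT`, at the cost of giving up the stealth behaviour the original post asked for.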
[expert] Bastille Part II
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I went to sygatetech.com and ran their UDP scan and it shows most ports closed and a few open ports. Maybe I don't fully understand networking protocols but isn't UDP a protocol used on LANs only? If not, how do I put them into a stealth mode? The TCP ports all show blocked/stealth.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE72i2HjCg8oFTHzFARAvz8AKDbG9UeXa5khIq31S7eVE+ANatFKwCfe6G4
6cnTauXsvqRxibCubCZdpCI=
=ddF8
-----END PGP SIGNATURE-----
Re: [expert] Bastille Part II
UDP is what I believe is called a connectionless protocol: data is sent without regard to whether previous data has been received intact. TCP, on the other hand, allows for packets to be re-requested if they are missing or corrupt. UDP is definitely used over the Internet.

bascule

On Saturday 27 October 2001 4:43 am, you wrote:
> I went to sygatetech.com and ran their UDP scan and it shows most ports closed and a few open ports. Maybe I don't fully understand networking protocols but isn't UDP a protocol used on LANs only? If not, how do I put them into a stealth mode? The TCP ports all show blocked/stealth.