Re: Personal firewall

2001-09-06 Thread Glenn Williams

Very cool, Bruce:

Thanks for posting this.  I have it bookmarked.

73 de Glenn

On Thursday 06 September 2001 09:30, you wrote:
 Thought you might want to make a note of this site:


 http://www.whatismyip.com/


-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional
___
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc 
-http://linux.nf/mailman/listinfo/linux-users



RE: Personal firewall

2001-09-05 Thread Wil McGilvery

What is your gateway address?

Also, this may be a bit cheesy, but what is the IP address that is shown when you have 
your shields tested at www.grc.com?

Regards,
 
Wil McGilvery
Manager, Digital Media

 
Lynch Technologies Inc.
416-744-7191
1-888-622-3729
416-744-0406  FAX
www.lynchdigital.com
 
 
 

 
 
 

-Original Message-
From: Bruce Marshall [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 04, 2001 3:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Personal firewall

On Tuesday 04 September 2001 02:58 pm, Glenn Williams wrote:
 Bruce:

 Sorry - I guess I neglected to mention - as of last Thursday I am on
 DSL - hot all the time.  No dial-up or dial-on-demand.


Well, I think then that the ISP has you on a local network.  I am pretty sure 
that 10.0.0.x is one of those 'non-routable' addresses and therefore your box 
can't be accessed.

Maybe someone else can give us a clue.



 Anything else I should furnish?

 Regards,

 Glenn

 On Tuesday 04 September 2001 12:03, you wrote:
  On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:
   Hi, Bruce:
  
   Busy morning - later getting back to you.  Here's the output of
   'ifconfig' (long form):
 
  Well yes,   but don't you dial up on the phone??   I would need the
  ppp0 part of the ifconfig  output.   The  10.0.0.2  address must be
  your local LAN address.
 
   eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5
  
 inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
 ^^^
 inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
 inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
 UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
 RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:100
 RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
 Interrupt:10 Base address:0xf000
  
   Thanks.
  
   Regards,
  
   Glenn
  
   On Tuesday 04 September 2001 09:56, you wrote:
On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
 Hi, Bruce:

 I appreciate the offer.  However, my ISP uses a DHCP server, so
 I dunno how we could do that using my IP address.  Can one use
 the current dynamic address for that purpose?
   
Yes...  you would:
   
1) Connect up and stay connected.
   
2) Do an ifconfig to find your current IP address.
   
3) Send me email with same.
   
4) I run the scan.
   
   
   
+
    + + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire,
MI 09/04/01 11:56  +
+
    + Whenever I think of the past, it brings back so
many memories...

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 15:06  +
++
I'm just working here till a good fast-food job opens up.



Re: Personal firewall

2001-09-05 Thread Glenn Williams

Hi, Joel:

Thanks for the firewall tutorial.  I'm sure it will be useful, once 
I've digested all the information in it.  I'm grateful to you for 
taking the time to send this to me.

I have some books on TCP/IP and one which specifically covers firewalls 
and Internet security, but they are obsolete - written in the mid-90s 
when I was using TCP/IP in amateur packet radio networks.

I'm using the SuSE 7.2 Pro personal firewall which is 
non-configurable.  It's either enabled or disabled, and that's about 
it.  However, there's a SuSE Firewall that ships with this distro, and 
it is *very* configurable.  So I will examine that with deeper scrutiny.

I'll also check amazon.com for what books are available on-line about 
firewalls and security.

Thanks again for the advice and information.

73 de Glenn

On Tuesday 04 September 2001 18:25, you wrote:
  DENY  tcp  l- 0xFF 0x00  eth1 0.0.0.0/0  24.182.146.18 * -> 1:1023
  rule protocol log Who knows  NIC  any ip   my ip  from any port to your ports

 Translation:
 Deny tcp packets, logging it, Huh??, to my eth1 from any ip on the
 planet to the ip address of the NIC of my router (which connects to
 the internet) from any port to my ports 1 to 1023.
 ip's are in dot quad format with a netmask if needed.
 0.0.0.0. is host 0.0.0.0 but 0.0.0.0/0 is any ip.
 127.0.0.0/24 is the local host.
 Firewalls are simple once you have the few rules figured out. Here is
 a simple rule from my firewall. It denies all requests from any host
 to my internet facing NIC to access the ports from 1 to 1023 (These
 are the privileged ports to which various services, like ftp, telnet,
 printing, and others listen for requests for services. You likely
 didn't know that port 515 (port for printing local or network files)
 is ripe for exploitation.

 You are at a crucial stage. If you don't learn this simple stuff, you
 will be like those poor souls in Shakespeare, who, not catching the
 tide at its flood, will wallow in the shallows, etc., at least as far
 as security.

 For your own good, and for the good of your security, firewalls are
 way too important to leave to magic security scripts.
 You should know which other ports you have to protect, like 6000
 (your X server) and make sure to prevent unwanted people from
 attaching to such services. I just edit my firewall using vi. It is
 so simple that way.
 ipchains-save > file
 Edit the file
 ipchains -F; cat file | ipchains-restore -f
 Piece of cake.
 Buy a book or read about firewalls. You have been warned.
 In addition, if you want to arrange ipmasq or use nonstandard ports
 for services (Say, to disguise your web page from your ISP which bans
 such things), knowing about firewalls is essential.
 Joel

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional


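The rule walked through in the quoted tutorial above, as an added example that is not part of the original thread: it parses the listing line in the column order shown there and evaluates packets against it. The `Packet` type, the `203.0.113.7` source address and the default `ACCEPT` chain policy are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# The rule line from the tutorial, columns as shown there:
# target, protocol, options, two TOS masks, interface, source, destination, ports.
RULE_LINE = "DENY  tcp  l- 0xFF 0x00  eth1 0.0.0.0/0  24.182.146.18 * -> 1:1023"


@dataclass
class Rule:
    target: str
    proto: str
    log: bool
    iface: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sports: range
    dports: range


@dataclass
class Packet:  # hypothetical packet description used only by this example
    proto: str
    iface: str
    src: str
    dst: str
    sport: int
    dport: int


def parse_ports(spec):
    """'*' means any port, 'a:b' an inclusive range, 'n' a single port."""
    if spec == "*":
        return range(0, 65536)
    lo, _, hi = spec.partition(":")
    return range(int(lo), int(hi or lo) + 1)


def parse_rule(line):
    f = line.split()
    # The listing separates source and destination ports with '->'; a bare '-'
    # is accepted too because archived copies of the line show it that way.
    if len(f) != 11 or f[9] not in ("->", "-"):
        raise ValueError("unexpected rule layout: %r" % line)
    return Rule(
        target=f[0],
        proto=f[1],
        log="l" in f[2],  # 'l' in the options column: matching packets are logged
        iface=f[5],
        # A bare address is a single host (/32); only 0.0.0.0/0 means "any IP".
        src=ipaddress.ip_network(f[6], strict=False),
        dst=ipaddress.ip_network(f[7], strict=False),
        sports=parse_ports(f[8]),
        dports=parse_ports(f[10]),
    )


def matches(rule, pkt):
    return (
        rule.proto in ("all", pkt.proto)
        and rule.iface in ("*", pkt.iface)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and pkt.sport in rule.sports
        and pkt.dport in rule.dports
    )


def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy (assumed ACCEPT) applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target, rule.log
    return policy, False


if __name__ == "__main__":
    rule = parse_rule(RULE_LINE)
    # Constructed probes from an outside host to the Internet-facing NIC.
    for name, dport in (("telnet", 23), ("printer", 515), ("X server", 6000)):
        pkt = Packet("tcp", "eth1", "203.0.113.7", "24.182.146.18", 40000, dport)
        print(name, dport, verdict([rule], pkt))
```

Port 6000 falls outside 1:1023, so this one rule leaves the X server to the chain policy, which is why the tutorial says to protect it separately.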


Re: Personal firewall

2001-09-05 Thread Tim Wunder

Glenn Williams wrote:

snip


 grc.com was not much help.  First of all, I had to switch to windoze 
 and a different firewall.  They report my IP address as 10.0.0.2, and 
 then gave me a boilerplate blurb about how IETF in their wisdom set 
 aside a large block of addresses for internal network use (which was 
 rather astute, and all very true, of course).
 
 Thanks.
snip


IIRC, you downloaded and ran IP_agent. That does require windows to run, it's a 
windows program. grc.com offers a Shields Up scan that tells you your external 
IP address, the IP that the Internet sees. I just navigated to the shields up 
page from RedHat, https://grc.com/x/ne.dll?bh0bkyd2, running the scan is not 
OS-specific.

On that screen, just navigate down past the Free IP Agent BS and click on the 
button for Test My Shields!. There's also a button there for a minimal Port 
scan.


No download of any software should be required.


HTH,
Tim







Re: Personal firewall

2001-09-05 Thread Bruce Marshall

On Tuesday 04 September 2001 21:30 pm, Glenn Williams wrote:
 I'm using the SuSE 7.2 Pro personal firewall which is
 non-configurable.  It's either enabled or disabled, and that's about
 it.  However, there's a SuSE Firewall that ships with this distro, and
 it is *very* configurable.  So I will examine that with deeper scrutiny.

Are you talking about  SuSEfirewall2 ??   It seems pretty good.


-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/05/01 10:57  +
++
All the world's a stage and the people on it are poorly rehearsed.



Re: Personal firewall

2001-09-05 Thread Glenn Williams



Thanks, Tim:

Obviously I did not read the info on the grc site carefully.  I'll give 
that a try.

Regards,

Glenn

On Wednesday 05 September 2001 08:57, you wrote:
 Glenn Williams wrote:

 snip

  grc.com was not much help.  First of all, I had to switch to
  windoze and a different firewall.  They report my IP address as
  10.0.0.2, and then gave me a boilerplate blurb about how IETF in
  their wisdom set aside a large block of addresses for internal
  network use (which was rather astute, and all very true, of
  course).
 
  Thanks.

 snip


 IIRC, you downloaded and ran IP_agent. That does require windows to
 run, it's a windows program. grc.com offers a Shields Up scan that
 tells you your external IP address, the IP that the Internet sees. I
 just navigated to the shields up page from RedHat,
 https://grc.com/x/ne.dll?bh0bkyd2, running the scan is not
 OS-specific.

 On that screen, just navigate down past the Free IP Agent BS and
 click on the button for Test My Shields!. There's also a button
 there for a minimal Port scan.


 No download of any software should be required.


 HTH,
 Tim





-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-05 Thread Bruce Marshall

On Tuesday 04 September 2001 11:28 am, Glenn Williams wrote:
 On Wednesday 05 September 2001 08:58, you wrote:
  On Tuesday 04 September 2001 21:30 pm, Glenn Williams wrote:
   I'm using the SuSE 7.2 Pro personal firewall which is
   non-configurable.  It's either enabled or disabled, and that's
   about it.  However, there's a SuSE Firewall that ships with this
   distro, and it is *very* configurable.  So I will examine that with
   deeper scrutiny.
 
  Are you talking about  SuSEfirewall2 ??   It seems pretty good.

 Yep, that's the one.  SuSE ships two firewalls - personal firewall
 which I'm using now, and the configurable SuSEFirewall, which I will
 probably switch to in the future when I am somewhat more knowledgeable,
 i.e. 5 or 10 years.


Firewall2   is on a special site.   It is different than  SuSEfirewall

(don't have the site handy)


 73 de Glenn

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/05/01 11:51  +
++
Mind like a steel trap -  rusty and illegal in 37 states.



Re: Personal firewall

2001-09-05 Thread Bruce Marshall

On Tuesday 04 September 2001 11:30 am, Glenn Williams wrote:
 Thanks, Tim:

 Obviously I did not read the info on the grc site carefully.  I'll give
 that a try.

 Regards,

 Glenn


Here's your NMAP scan:

Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Interesting ports on  (66.55.21.94):
(The 1522 ports scanned but not shown below are in state: filtered)
Port       State       Service
23/tcp     open        telnet
 
Nmap run completed -- 1 IP address (1 host up) scanned in 2228 seconds


One port open...  and just the port you don't want open.

And here's what I got when I tried to telnet to it:

bmarsh@linux1:~  telnet xxx.xx.21.94
Trying xxx.xx.21.94...
Connected to xxx.xx.21.94.
Escape character is '^]'.
 
 
User Access Verification
Password:*
Password:**
Password:


Didn't ask for a userid  so maybe this is your router responding  and it just 
needs a password.

In any event, looks like you're pretty well protected.

++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/05/01 12:20  +
++
Murphy's Eighth Corollary:
   It is impossible to make anything foolproof because fools
  are so ingenious.



Re: Personal firewall

2001-09-05 Thread Glenn Williams

Bruce:

Thanks for the scan and analysis.  I found a couple of my old books on 
TCP/IP (published in '91 and '92 respectively), but could not find the 
one called 'Internet Security and Firewalls' so I will be browsing 
amazon.com for something along those lines.

If anyone has a favorite title or recommendation, I'd like to hear it 
while I'm in a browsing mode.

Best regards,

Glenn

On Wednesday 05 September 2001 10:23, you wrote:
 On Tuesday 04 September 2001 11:30 am, Glenn Williams wrote:
  Thanks, Tim:
 
  Obviously I did not read the info on the grc site carefully.  I'll
  give that a try.
 
  Regards,
 
  Glenn

 Here's your NMAP scan:

 Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/
 ) RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
 Interesting ports on  (66.55.21.94):
 (The 1522 ports scanned but not shown below are in state: filtered)
 Port       State       Service
 23/tcp     open        telnet

 Nmap run completed -- 1 IP address (1 host up) scanned in 2228
 seconds


 One port open...  and just the port you don't want open.

 And here's what I got when I tried to telnet to it:

 bmarsh@linux1:~  telnet xxx.xx.21.94
 Trying xxx.xx.21.94...
 Connected to xxx.xx.21.94.
 Escape character is '^]'.


 User Access Verification
 Password:*
 Password:**
 Password:


 Didn't ask for a userid  so maybe this is your router responding  and
 it just needs a password.

 In any event, looks like you're pretty well protected.

 +
+ + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI
 09/05/01 12:20  +
 +
+ Murphy's Eighth Corollary:
It is impossible to make anything foolproof because fools
   are so ingenious.

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Glenn Williams

Hi, Joel:

I followed your suggestion, and the results are meaningless to me; the 
output gave a list of sources and destinations, and the IP addresses 
were all 0.0.0.0s.  Port 53 figured prominently in the output also, if 
that has any significance.

I am nearly 8 years away from my amateur packet radio experience with 
TCP/IP and I have forgotten what little I knew.

I am grateful for your reply.

Regards,

Glenn

On Monday 03 September 2001 22:45, you wrote:
  I set up the Personal Firewall a while ago and now I'm wondering
  how I can tell if it's working.  I edited the appropriate file a la
  the configuration manual, to enable it.  It is non-configurable;
  it's either on or off.  A look at /var/log/boot.msg yielded the
  following

 Is this ipchains? If so, there are ways to look at it to tell if it
 is working.
 ipchains -L -vn | less for example. Do it in an xterm with font set
 to medium.
 Joel



-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Monday 03 September 2001 07:38 am, Glenn Williams wrote:
 Hi, Bruce:

 Thanks for the info.  I went to 'vulnerabilities' web site and
 initiated a scan of my ISP, not knowing what else to use for a host
 address to be scanned.  It returned the following result:

You would want to put in your own IP number as determined by the use of the  
ifconfig command.

However, my scan too timed out.   Don't know what their problem is.

Next choice would be to get someone else to run the scan for you.  I'd be 
glad to do it if we can coordinate.   You'd have to send me your IP address 
via email   and I'd run the scan.


-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 08:31  +
++
Roger's Law:
   As soon as the stewardess serves the coffee, the airliner
  encounters turbulence.  Davis's explanation:  Serving coffee
  on an airliner causes turbulence.



Re: Personal firewall

2001-09-04 Thread Glenn Williams

Hi, Bruce:

I appreciate the offer.  However, my ISP uses a DHCP server, so I dunno 
how we could do that using my IP address.  Can one use the current 
dynamic address for that purpose?

Regards,

Glenn

On Tuesday 04 September 2001 06:34, you wrote:
 On Monday 03 September 2001 07:38 am, Glenn Williams wrote:
  Hi, Bruce:
 
  Thanks for the info.  I went to 'vulnerabilities' web site and
  initiated a scan of my ISP, not knowing what else to use for a host
  address to be scanned.  It returned the following result:

 You would want to put in your own IP number as determined by the use
 of the ifconfig command.

 However, my scan too timed out.   Don't know what their problem is.

 Next choice would be to get someone else to run the scan for you.   
 I'd be glad to do it if we can coordinate.   You'd have to send me
 your IP address via email   and I'd run the scan.

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



RE: Personal firewall

2001-09-04 Thread Wil McGilvery

You can use your current IP address for the purpose of being scanned.

Regards,
 
Wil McGilvery
Manager, Digital Media

 
Lynch Technologies Inc.
416-744-7191
1-888-622-3729
416-744-0406  FAX
www.lynchdigital.com
 
 
 

 
 
 

-Original Message-
From: Glenn Williams [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 03, 2001 10:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Personal firewall

Hi, Bruce:

I appreciate the offer.  However, my ISP uses a DHCP server, so I dunno 
how we could do that using my IP address.  Can one use the current 
dynamic address for that purpose?

Regards,

Glenn

On Tuesday 04 September 2001 06:34, you wrote:
 On Monday 03 September 2001 07:38 am, Glenn Williams wrote:
  Hi, Bruce:
 
  Thanks for the info.  I went to 'vulnerabilities' web site and
  initiated a scan of my ISP, not knowing what else to use for a host
  address to be scanned.  It returned the following result:

 You would want to put in your own IP number as determined by the use
 of the ifconfig command.

 However, my scan too timed out.   Don't know what their problem is.

 Next choice would be to get someone else to run the scan for you.   
 I'd be glad to do it if we can coordinate.   You'd have to send me
 your IP address via email   and I'd run the scan.

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
 Hi, Bruce:

 I appreciate the offer.  However, my ISP uses a DHCP server, so I dunno
 how we could do that using my IP address.  Can one use the current
 dynamic address for that purpose?

Yes...  you would:

1) Connect up and stay connected.

2) Do an ifconfig to find your current IP address.

3) Send me email with same.

4) I run the scan.



++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 11:56  +
++
Whenever I think of the past, it brings back so many memories...



Re: Personal firewall

2001-09-04 Thread Glenn Williams

Hi, Bruce:

Busy morning - later getting back to you.  Here's the output of 
'ifconfig' (long form):



eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5

  inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
  ^^^
  inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
  inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
  UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
  RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
  Interrupt:10 Base address:0xf000

Thanks.

Regards, 

Glenn



On Tuesday 04 September 2001 09:56, you wrote:
 On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
  Hi, Bruce:
 
  I appreciate the offer.  However, my ISP uses a DHCP server, so I
  dunno how we could do that using my IP address.  Can one use the
  current dynamic address for that purpose?

 Yes...  you would:

 1) Connect up and stay connected.

 2) Do an ifconfig to find your current IP address.

 3) Send me email with same.

 4) I run the scan.



 +
+ + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI
 09/04/01 11:56  +
 +
+ Whenever I think of the past, it brings back so many
 memories...

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:
 Hi, Bruce:

 Busy morning - later getting back to you.  Here's the output of
 'ifconfig' (long form):


Well yes,   but don't you dial up on the phone??   I would need the ppp0  
part of the ifconfig  output.   The  10.0.0.2  address must be your local LAN 
address.





 eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5

   inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
   ^^^
   inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
   inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
   UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
   RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
   TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:100
   RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
   Interrupt:10 Base address:0xf000

 Thanks.

 Regards,

 Glenn

 On Tuesday 04 September 2001 09:56, you wrote:
  On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
   Hi, Bruce:
  
   I appreciate the offer.  However, my ISP uses a DHCP server, so I
   dunno how we could do that using my IP address.  Can one use the
   current dynamic address for that purpose?
 
  Yes...  you would:
 
  1) Connect up and stay connected.
 
  2) Do an ifconfig to find your current IP address.
 
  3) Send me email with same.
 
  4) I run the scan.
 
 
 
  +
 + + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI
  09/04/01 11:56  +
  +
 + Whenever I think of the past, it brings back so many
  memories...

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 14:02  +
++
There's no traffic jam on the extra mile.



Re: Personal firewall

2001-09-04 Thread Glenn Williams

Bruce:

Sorry - I guess I neglected to mention - as of last Thursday I am on 
DSL - hot all the time.  No dial-up or dial-on-demand.

Anything else I should furnish?

Regards,

Glenn


On Tuesday 04 September 2001 12:03, you wrote:
 On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:
  Hi, Bruce:
 
  Busy morning - later getting back to you.  Here's the output of
  'ifconfig' (long form):

 Well yes,   but don't you dial up on the phone??   I would need the
 ppp0 part of the ifconfig  output.   The  10.0.0.2  address must be
 your local LAN address.

  eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5
 
inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
^^^
inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
Interrupt:10 Base address:0xf000
 
  Thanks.
 
  Regards,
 
  Glenn
 
  On Tuesday 04 September 2001 09:56, you wrote:
   On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
Hi, Bruce:
   
I appreciate the offer.  However, my ISP uses a DHCP server, so
I dunno how we could do that using my IP address.  Can one use
the current dynamic address for that purpose?
  
   Yes...  you would:
  
   1) Connect up and stay connected.
  
   2) Do an ifconfig to find your current IP address.
  
   3) Send me email with same.
  
   4) I run the scan.
  
  
  
   +
   + + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire,
   MI 09/04/01 11:56  +
   +
   + Whenever I think of the past, it brings back so
   many memories...

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 02:58 pm, Glenn Williams wrote:
 Bruce:

 Sorry - I guess I neglected to mention - as of last Thursday I am on
 DSL - hot all the time.  No dial-up or dial-on-demand.


Well, I think then that the ISP has you on a local network.  I am pretty sure 
that 10.0.0.x is one of those 'non-routable' addresses and therefore your box 
can't be accessed.

Maybe someone else can give us a clue.



 Anything else I should furnish?

 Regards,

 Glenn

 On Tuesday 04 September 2001 12:03, you wrote:
  On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:
   Hi, Bruce:
  
   Busy morning - later getting back to you.  Here's the output of
   'ifconfig' (long form):
 
  Well yes,   but don't you dial up on the phone??   I would need the
  ppp0 part of the ifconfig  output.   The  10.0.0.2  address must be
  your local LAN address.
 
   eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5
  
 inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
 ^^^
 inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
 inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
 UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
 RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:100
 RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
 Interrupt:10 Base address:0xf000
  
   Thanks.
  
   Regards,
  
   Glenn
  
   On Tuesday 04 September 2001 09:56, you wrote:
On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
 Hi, Bruce:

 I appreciate the offer.  However, my ISP uses a DHCP server, so
 I dunno how we could do that using my IP address.  Can one use
 the current dynamic address for that purpose?
   
Yes...  you would:
   
1) Connect up and stay connected.
   
2) Do an ifconfig to find your current IP address.
   
3) Send me email with same.
   
4) I run the scan.
   
   
   
+
    + + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire,
MI 09/04/01 11:56  +
+
    + Whenever I think of the past, it brings back so
many memories...

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 15:06  +
++
I'm just working here till a good fast-food job opens up.



Re: Personal firewall

2001-09-04 Thread Tim Wunder

The IP you gave for eth0 is definitely an internal network address, not 
accessible from the outside world. Did your DSL provider give/sell you a 
router? Many DSL routers are capable of providing DHCP services for an internal 
network.

You could always go to GRC.com, https://grc.com/x/ne.dll?bh0bkyd2, and do a 
Shields-Up scan. It's not the most thorough scan in the world, but it'll tell 
you your external IP address, at the least.

HTH,
Tim

Glenn Williams wrote:

 Bruce:
 
 Sorry - I guess I neglected to mention - as of last Thursday I am on 
 DSL - hot all the time.  No dial-up or dial-on-demand.
 
 Anything else I should furnish?
 
 Regards,
 
 Glenn
 
 
 On Tuesday 04 September 2001 12:03, you wrote:
 
On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:

Hi, Bruce:

Busy morning - later getting back to you.  Here's the output of
'ifconfig' (long form):

Well yes,   but don't you dial up on the phone??   I would need the
ppp0 part of the ifconfig  output.   The  10.0.0.2  address must be
your local LAN address.


eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5

  inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
  ^^^
  inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
  inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
  UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
  RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
  Interrupt:10 Base address:0xf000

Thanks.

Regards,

Glenn

On Tuesday 04 September 2001 09:56, you wrote:

On Monday 03 September 2001 10:32 am, Glenn Williams wrote:

Hi, Bruce:

I appreciate the offer.  However, my ISP uses a DHCP server, so
I dunno how we could do that using my IP address.  Can one use
the current dynamic address for that purpose?

Yes...  you would:

1) Connect up and stay connected.

2) Do an ifconfig to find your current IP address.

3) Send me email with same.

4) I run the scan.



+
 + + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire,
MI 09/04/01 11:56  +
+
 + Whenever I think of the past, it brings back so
many memories...

 




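The check behind the replies above (the eth0 address is internal, so it cannot be handed to an outside scanner), as an added example that is not part of the original thread. It parses `ifconfig` output in the format posted earlier and classifies each address; the sample text is constructed from that post, with a loopback entry added for illustration, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the eth0 block in the net-tools format posted in the thread,
# plus a loopback interface added for illustration.
SAMPLE_IFCONFIG = """\
eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5
      inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
      inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
      UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
"""

# Address blocks that are never reachable from the Internet side.
_V4_CLASSES = [
    ("loopback", "127.0.0.0/8"),
    ("link-local", "169.254.0.0/16"),
    ("private", "10.0.0.0/8"),       # RFC 1918
    ("private", "172.16.0.0/12"),    # RFC 1918
    ("private", "192.168.0.0/16"),   # RFC 1918
]
_V6_CLASSES = [
    ("loopback", "::1/128"),
    ("link-local", "fe80::/10"),
    ("private", "fc00::/7"),         # IPv6 unique local addresses
]


def classify(address):
    """Return 'loopback', 'link-local', 'private' or 'public' for one address."""
    ip = ipaddress.ip_address(address)
    table = _V4_CLASSES if ip.version == 4 else _V6_CLASSES
    for label, net in table:
        if ip in ipaddress.ip_network(net):
            return label
    return "public"


def parse_ifconfig(text):
    """Return [(interface, address)] for every inet/inet6 line."""
    found, iface = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]  # an unindented line starts a new interface block
        m = re.search(r"inet6? addr:\s*([0-9A-Fa-f:.]+)", line)
        if m and iface:
            found.append((iface, m.group(1)))
    return found


def scannable_from_outside(text):
    """Addresses a remote party could usefully scan; empty when the host sits behind NAT."""
    return [(i, a) for i, a in parse_ifconfig(text) if classify(a) == "public"]


if __name__ == "__main__":
    for iface, addr in parse_ifconfig(SAMPLE_IFCONFIG):
        print(f"{iface:5} {addr:28} {classify(addr)}")
    if not scannable_from_outside(SAMPLE_IFCONFIG):
        print("No public address on this host: the external IP has to be "
              "read from the router or from an outside service.")
```

An empty result means the address a remote scan would actually reach belongs to the device on the far side of eth0, which is what the later scan of 66.55.21.94 in this thread ended up probing.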


Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 03:25 pm, Tim Wunder wrote:
 The IP you gave for eth0 is definitely an internal network address, not
 accessible from the outside world. Did your DSL provider give/sell you a
 router? Many DSL routers are capable of providing DHCP services for an
 internal network.

 You could always go to GRC.com, https://grc.com/x/ne.dll?bh0bkyd2, and do a
 Shields-Up scan. It's not the most thorough scan in the world, but it'll
 tell you your external IP address, at the least.

 HTH,
 Tim

 Glenn Williams wrote:
  Bruce:
 
  Sorry - I guess I neglected to mention - as of last Thursday I am on
  DSL - hot all the time.  No dial-up or dial-on-demand.
 
  Anything else I should furnish?

Hey Glenn:

I assume you have only one nic card in your machine

What is the output of your 'route' command?

The problem is to find out what your IP address is on the far side of 
whatever box you have connected to eth0

You might also try:  traceroute yourisp.com  and see whether we can 
determine anything from that.


 
  Regards,
 
  Glenn
 
  On Tuesday 04 September 2001 12:03, you wrote:
 On Tuesday 04 September 2001 01:42 pm, Glenn Williams wrote:
 Hi, Bruce:
 
 Busy morning - later getting back to you.  Here's the output of
 'ifconfig' (long form):
 
 Well yes,   but don't you dial up on the phone??   I would need the
 ppp0 part of the ifconfig  output.   The  10.0.0.2  address must be
 your local LAN address.
 
 eth0  Link encap:Ethernet  HWaddr 00:03:47:95:E1:B5
 
   inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
   ^^^
   inet6 addr: fe80::203:47ff:fe95:e1b5/10 Scope:Link
   inet6 addr: fe80::3:4795:e1b5/10 Scope:Link
   UP BROADCAST NOTRAILERS RUNNING  MTU:1500  Metric:1
   RX packets:72619 errors:0 dropped:0 overruns:0 frame:0
   TX packets:8775 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:100
   RX bytes:9553606 (9.1 Mb)  TX bytes:1018790 (994.9 Kb)
   Interrupt:10 Base address:0xf000
 
 Thanks.
 
 Regards,
 
 Glenn
 
 On Tuesday 04 September 2001 09:56, you wrote:
 On Monday 03 September 2001 10:32 am, Glenn Williams wrote:
 Hi, Bruce:
 
 I appreciate the offer.  However, my ISP uses a DHCP server, so
 I dunno how we could do that using my IP address.  Can one use
 the current dynamic address for that purpose?
 
 Yes...  you would:
 
 1) Connect up and stay connected.
 
 2) Do an ifconfig to find your current IP address.
 
 3) Send me email with same.
 
 4) I run the scan.
 
 
 
 ++
 + Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 11:56  +
 ++
 Whenever I think of the past, it brings back so many memories...

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 15:30  +
++
How can you tell when a programmer is lying?  His lawyer's lips move.



Re: Personal firewall

2001-09-04 Thread Glenn Williams

Bruce and Tim:

Thanks for your help and comments.  More info follows, below:

On Tuesday 04 September 2001 13:32, you wrote:

[snip]

 Hey Glenn:

 I assume you have only one nic card in your machine

 What is the output of your 'route' command?

 The problem is to find out what your IP address is on the far side of
 whatever box you have connected to eth0

 You might also try:  traceroute yourisp.com  and see whether we
 can determine anything from that.

Bruce:

The 'route' command yields a *totally* blank routing table.  
'Traceroute' gives:

traceroute to www.cybermesa.com (209.12.73.3), 30 hops max, 40 byte 
packets
 1  10.0.0.1 (10.0.0.1)  2 ms  1 ms  1 ms
 2  66.55.21.1 (66.55.21.1)  51 ms  56 ms  56 ms
 3  www.cybermesa.com (209.12.73.3)  56 ms  54 ms  56 ms

FYI:  I rebooted into windoze and downloaded IP Agent (IP_Agent.exe) 
from grc.com and ran it from windoze.  It said that addresses such as 
mine (10.0.0.2 - current dynamic address) are recyclable, and 
unreachable from the external public Internet, and thus secure against 
typical threats and discovery from passing Internet scanners.

Regards,

Glenn

-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional
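
Added example, not part of the original thread: the traceroute output Glenn posted, parsed to mark which hops sit in RFC 1918 private space and where the path first reaches a public address. The function names and the last-private-hop heuristic are assumptions of this sketch; traceroute does not show the address that remote hosts actually see.

```python
import ipaddress
import re

# Traceroute output as posted in the message above (header line unwrapped).
TRACE = """\
traceroute to www.cybermesa.com (209.12.73.3), 30 hops max, 40 byte packets
 1  10.0.0.1 (10.0.0.1)  2 ms  1 ms  1 ms
 2  66.55.21.1 (66.55.21.1)  51 ms  56 ms  56 ms
 3  www.cybermesa.com (209.12.73.3)  56 ms  54 ms  56 ms
"""

# RFC 1918 private ranges: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A hop line: "<n>  <name> (<ipv4>)  ..."; header and "* * *" lines do not match.
HOP = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_hops(text):
    """Return [(hop_number, address, is_private), ...] for each answered hop."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), is_rfc1918(m.group(2))))
    return hops


def nat_boundary(local_addr, hops):
    """Heuristic (assumption): the last private hop before the first public one
    is the likely translating gateway. None if local_addr is already public."""
    if not is_rfc1918(local_addr):
        return None
    first_public = next((h for h in hops if not h[2]), None)
    inside = [h for h in hops
              if h[2] and (first_public is None or h[0] < first_public[0])]
    return {"gateway": inside[-1][1] if inside else None,
            "first_public_hop": first_public[1] if first_public else None}


if __name__ == "__main__":
    for n, addr, private in parse_hops(TRACE):
        print(n, addr, "private (RFC 1918)" if private else "public")
    print(nat_boundary("10.0.0.2", parse_hops(TRACE)))
```
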



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 04:43 am, Glenn Williams wrote:
 Bruce and Tim:

 Thanks for your help and comments.  More info follows, below:

 On Tuesday 04 September 2001 13:32, you wrote:

 [snip]

  Hey Glenn:
 
  I assume you have only one nic card in your machine
 
  What is the output of your 'route' command?
 
  The problem is to find out what your IP address is on the far side of
  whatever box you have connected to eth0
 
  You might also try:  traceroute yourisp.com  and see whether we
  can determine anything from that.

 Bruce:

 The 'route' command yields a *totally* blank routing table.
 'Traceroute' gives:

 traceroute to www.cybermesa.com (209.12.73.3), 30 hops max, 40 byte
 packets
  1  10.0.0.1 (10.0.0.1)  2 ms  1 ms  1 ms
  2  66.55.21.1 (66.55.21.1)  51 ms  56 ms  56 ms
  3  www.cybermesa.com (209.12.73.3)  56 ms  54 ms  56 ms

 FYI:  I rebooted into windoze and downloaded IP Agent (IP_Agent.exe)
 from grc.com and ran it from windoze.  It said that addresses such as
 mine (10.0.0.2 - current dynamic address) are recyclable, and
 unreachable from the external public Internet, and thus secure against
 typical threats and discovery from passing Internet scanners.

 Regards,

 Glenn

-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 18:47  +
++
 Ever stop to think, and forget to start again?



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 04:43 am, Glenn Williams wrote:
 Bruce and Tim:

 Thanks for your help and comments.  More info follows, below:

 On Tuesday 04 September 2001 13:32, you wrote:


Try this sometime:


1)  Send me an email that you are about to:

2)  telnet  bmarsh.com

I can then match up the email time with the time that I find someone knocking 
on my door..

Just for grins



++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 18:48  +
++
In theory, there is no difference between theory and practice,
but in practice... there is no similarity between theory and practice.



Re: Personal firewall

2001-09-04 Thread Glenn Williams

On Tuesday 04 September 2001 16:49, you wrote:

 Try this sometime:


  1)  Send me an email that you are about to:

 2)  telnet  bmarsh.com

 I can then match up the email time with the time that I find someone
 knocking on my door..

 Just for grins


Okay, Bruce:

Here goes...  I don't know what to expect, so I'll just 'wing it.'
It is 5:42 MDT.
-- 
Glenn Williams - [EMAIL PROTECTED]
Registered Linux User #135678
Powered by SuSE 7.2 Linux Professional



Re: Personal firewall

2001-09-04 Thread Bruce Marshall

On Tuesday 04 September 2001 07:44 am, Glenn Williams wrote:
 Here goes...  I don't know what to expect, so I'll just 'wing it.'
 It is 5:42 MDT.

MDT??   MDT??   oh sure, make it really tough on me...   :o)


-- 
++
+ Bruce S. Marshall  [EMAIL PROTECTED]  Bellaire, MI 09/04/01 20:12  +
++
The average woman would rather have beauty than brains, because the
average man can see better than he can think.



Re: Personal firewall

2001-09-04 Thread Joel Hammer

 DENY  tcp  l- 0xFF 0x00  eth1 0.0.0.0/0  24.182.146.18 * -   1:1023 
 rule protocol log Who knows  NIC  any ip   my ip  from any port to your ports
  
Translation:
Deny tcp packets, logging it, Huh??, to my eth1 from any ip on the planet to
the ip address of the NIC of my router (which connects to the internet)
from any port to my ports 1 to 1023.
ip's are in dot quad format with a netmask if needed.
0.0.0.0 is host 0.0.0.0 but 0.0.0.0/0 is any ip.
127.0.0.0/24 is the local host.
Firewalls are simple once you have the few rules figured out. Here is a
simple rule from my firewall. It denies all requests from any host to my
internet facing NIC to access the ports from 1 to 1023 (These are the
privileged ports to which various services, like ftp, telnet, printing, and
others listen for requests for services). You likely didn't know that port
515 (port for printing local or network files) is ripe for exploitation.

You are at a crucial stage. If you don't learn this simple stuff, you will
be like those poor souls in Shakespeare, who, not catching the tide at its
flood, will wallow in the shallows, etc., at least as far as security.

For your own good, and for the good of your security, firewalls are way too
important to leave to magic security scripts.
You should know which other ports you have to protect, like 6000 (your X server)
and make sure to prevent unwanted people from attaching to such services.
I just edit my firewall using vi. It is so simple that way.
ipchains-save > file
Edit the file
ipchains -F; cat file | ipchains-restore -f
Piece of cake.
Buy a book or read about firewalls. You have been warned.
In addition, if you want to arrange ipmasq or use nonstandard ports for
services (Say, to disguise your web page from your ISP which bans such
things), knowing about firewalls is essential. 
Joel
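
Added example, not part of Joel's post or of ipchains itself: the rule line above parsed into its fields, following the post's own translation, and applied to a few constructed packets to show what the rule does and does not cover. The field positions, the `Rule` class and the sample source address 198.51.100.7 are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

# Rule line as quoted in the post above; field meanings follow its translation.
RULE_LINE = "DENY  tcp  l- 0xFF 0x00  eth1 0.0.0.0/0  24.182.146.18 * -   1:1023"


@dataclass
class Rule:
    target: str
    proto: str
    log: bool
    iface: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: range


def parse_rule(line):
    # Assumed field order: target proto opts tos tos iface src dst sport sep dport
    f = line.split()
    lo, _, hi = f[10].partition(":")
    return Rule(f[0], f[1], "l" in f[2], f[5], ipaddress.ip_network(f[6]),
                ipaddress.ip_network(f[7]), range(int(lo), int(hi or lo) + 1))


def verdict(rule, proto, iface, src, dst, dport):
    """Rule target if the packet matches, else None (later rules or policy decide)."""
    hit = (proto == rule.proto and iface == rule.iface
           and ipaddress.ip_address(src) in rule.src
           and ipaddress.ip_address(dst) in rule.dst
           and dport in rule.dports)
    return rule.target if hit else None


RULE = parse_rule(RULE_LINE)
# Constructed sample packets arriving on eth1: (proto, iface, src, dst, dport)
SAMPLES = {
    "telnet/23": ("tcp", "eth1", "198.51.100.7", "24.182.146.18", 23),
    "lpd/515": ("tcp", "eth1", "198.51.100.7", "24.182.146.18", 515),
    "X11/6000": ("tcp", "eth1", "198.51.100.7", "24.182.146.18", 6000),
    "udp/111": ("udp", "eth1", "198.51.100.7", "24.182.146.18", 111),
}


def check_samples():
    return {name: verdict(RULE, *pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in check_samples().items():
        print(f"{name:10} {result or 'not matched by this rule'}")
```

The X11 and UDP packets fall through this rule, which is why the post says ports such as 6000 need their own protection.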



Re: Personal firewall

2001-09-03 Thread Joel Hammer

 I set up the Personal Firewall a while ago and now I'm wondering how I 
 can tell if it's working.  I edited the appropriate file a la the 
 configuration manual, to enable it.  It is non-configurable; it's 
 either on or off.  A look at /var/log/boot.msg yielded the following 

Is this ipchains? If so, there are ways to look at it to tell if it is
working.
ipchains -L -vn | less for example. Do it in an xterm with font set to
medium.
Joel

