Re: [newbie] Advice needed on firewall...

2000-12-30 Thread Paul

On Thu, 28 Dec 2000, Michael O'Henly wrote:

> The way I understand it, portsentry senses a port scan and then immediately
> creates a rule that adds the scanning host to a REJECT or DENY rule. So if
> you've told your firewall to do this by default for all external hosts, is
> that the same thing?

It is for the major part. But portsentry also adds a line in the messages
logfile, where I can see what IP has tried to do something. If one is
getting too boring, I smoke the person out and report him to his ISP.

Paul

-- 
Disclaimer: "These opinions are my own,
though for a small fee they can be yours too."

http://nlpagan.net - ICQ 147208 - Registered Linux User 174403
 Linux Mandrake 7.2 - Pine 4.31
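As an added illustration of the point Paul makes about the messages logfile (example code added here, not from the thread or from the PortSentry project): a small Python parser over constructed syslog lines in the style PortSentry writes, which tallies the ports each source address probed, records whether PortSentry reported blocking it, and picks out the sources that spread across enough services to be worth an abuse report. The exact line shapes, the addresses, the threshold and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample /var/log/messages excerpt in the style PortSentry writes
# (made-up addresses from documentation ranges, not lines from the thread).
SAMPLE_LOG = """\
Dec 30 10:01:02 gw portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 21
Dec 30 10:01:02 gw portsentry[412]: attackalert: Host 192.0.2.10 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 192.0.2.10 -j DENY -l"
Dec 30 10:01:03 gw portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 23
Dec 30 10:01:03 gw portsentry[412]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to TCP port: 143
Dec 30 10:05:44 gw portsentry[412]: attackalert: Connect from host: 198.51.100.7/198.51.100.7 to UDP port: 69
Dec 30 10:09:00 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:4444 192.0.2.1:80 L=60 S=0x00 I=0 F=0x4000 T=51 SYN (#3)
"""

# Assumed line shapes: "Connect from host: <name>/<ip> to <TCP|UDP> port: <n>"
# and "Host <ip> has been blocked ...". Other lines (for instance the kernel
# packet log that ipchains -l produces) are simply skipped.
CONNECT_RE = re.compile(
    r"portsentry\[\d+\]: attackalert: Connect from host: "
    r"(?P<name>[\w.\-]+)/(?P<ip>[\d.]+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)
BLOCK_RE = re.compile(r"portsentry\[\d+\]: attackalert: Host (?P<ip>[\d.]+) has been blocked")


def parse_portsentry(text):
    """Map each source IP to the (proto, port) pairs it touched and whether it was blocked."""
    hosts = defaultdict(lambda: {"ports": set(), "blocked": False})
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            hosts[m["ip"]]["ports"].add((m["proto"], int(m["port"])))
            continue
        m = BLOCK_RE.search(line)
        if m:
            hosts[m["ip"]]["blocked"] = True
    return dict(hosts)


def persistent_scanners(hosts, min_ports=3):
    """Sources that probed at least min_ports distinct ports: a single hit may be
    noise, a spread across services is the pattern worth sending to the ISP's
    abuse contact."""
    return sorted(ip for ip, rec in hosts.items() if len(rec["ports"]) >= min_ports)


def abuse_summary(hosts, ip):
    """One-line, evidence-only summary of what the log shows for one source."""
    rec = hosts[ip]
    ports = ", ".join(f"{proto}/{port}" for proto, port in sorted(rec["ports"]))
    state = "blocked by PortSentry" if rec["blocked"] else "not blocked"
    return f"{ip}: probed {len(rec['ports'])} port(s) ({ports}); {state}"


if __name__ == "__main__":
    hosts = parse_portsentry(SAMPLE_LOG)
    for ip in persistent_scanners(hosts):
        print(abuse_summary(hosts, ip))
```

Run against the real file as `python3 thisscript.py` after pointing `SAMPLE_LOG` at `/var/log/messages`; the summary line, together with the raw log lines and their timestamps, is the evidence an ISP's abuse desk expects.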





Re: [newbie] Advice needed on firewall...

2000-12-28 Thread Paul

On Wed, 27 Dec 2000, Michael O'Henly wrote:

> My impression is that DrakConf's "internet connection sharing" command runs a
> DHCP server and masquerades IPs. This is more than I need (DHCP) but it works
> so I'll use it.

At http://mandrakeuser.org you can find a few simple tips to run internet
sharing without DHCP. Just a small script on the connecting box and a
gateway setting on the client that uses the line. Very simple, and works
great.

> I'm also looking at pmfirewall http://www.pointman.org/ to provide a
> firewall. It looks well-documented and well-supported, and is based on
> IPCHAINS.

Good choice, I use that too.

> Questions:
>
> 1. Does "internet connection sharing" create any kind of a firewall on its
> own?

No, it does not. It may use ipchains for a few things but that is not for
firewall purposes.

> 2. Is there any overlap between "internet connection sharing" (as implemented
> by LM) and pmfirewall? pmfirewall asks whether you're running a DHCP server
> and masquerading IPs, so I think it generates a script that takes into
> account these things.

Correct.

> 3. If you have any other advice about how to protect a 1-Linux / 2-Mac home
> network using the Linux box, two ethernet cards and a cable connection, I'd
> be very interested.

After setting up ipchains with pmfirewall's script, also find portsentry
and have that loaded. Works fine against port-attacks. Then you should be
reasonably safe.

Paul

-- 
At a certain time there is a light at the end of the tunnel.
And it isn't a train.

http://nlpagan.net - ICQ 147208 - Registered Linux User 174403
 Linux Mandrake 7.2 - Pine 4.31





Re: [newbie] Advice needed on firewall...

2000-12-28 Thread Michael O'Henly

On Wednesday 27 December 2000 21:53, you wrote:

> After setting up ipchains with pmfirewall's script, also find portsentry
> and have that loaded. Works fine against port-attacks. Then you should be
> reasonably safe.

Thanks for your reply. I'm interested that you run portsentry as well as 
PMfirewall. In a situation where you've blocked all access to your network 
from external hosts (as I have), would running portsentry be redundant? I'm 
trying to decide whether I should add portsentry or not.

The way I understand it, portsentry senses a port scan and then immediately 
creates a rule that adds the scanning host to a REJECT or DENY rule. So if 
you've told your firewall to do this by default for all external hosts, is 
that the same thing?

Thanks.

M.

-- 
Michael O'Henly
TENZO Design




Re: [newbie] Advice needed on firewall...

2000-12-28 Thread Tom Brinkman

On Wednesday 27 December 2000 08:27 pm, Michael O'Henly wrote:
> I've tested this
> network with Shields Up and it does indeed appear not to be visible
> to casual miscreants.
> PMfirewall is available at ... http://www.pointman.org/
> Shields Up is available at... https://grc.com/x/ne.dll?bh0bkyd

http://www.sdesign.com/securitytest/ Complete scan is a much better
test than Shields Up. Test takes 30 minutes or more and they email
you a full report. Still, a clean bill of health from them doesn't
mean your system's bulletproof either.

IMO, Shields Up is actually a disservice. Even vulnerable systems
get a rave review, i.e., 'full stealth' and 'your computer doesn't even
appear to exist'. One bit of good advice on the Shields Up site:
A FALSE sense of security is worse than being unsure.
-- 
Tom Brinkman   [EMAIL PROTECTED] Galveston Bay




Re: [newbie] Advice needed on firewall...

2000-12-28 Thread David Boles


On Thu, 28 Dec 2000 08:59:43 -0600, Tom Brinkman said:

> On Wednesday 27 December 2000 08:27 pm, Michael O'Henly wrote:
> > I've tested this
> > network with Shields Up and it does indeed appear not to be visible
> > to casual miscreants.
> > PMfirewall is available at ... http://www.pointman.org/
> > Shields Up is available at... https://grc.com/x/ne.dll?bh0bkyd
>
> http://www.sdesign.com/securitytest/ Complete scan is a much better
> test than Shields Up. Test takes 30 minutes or more and they email
> you a full report. Still, a clean bill of health from them doesn't
> mean your system's bulletproof either.
>
> IMO, Shields Up is actually a disservice. Even vulnerable systems
> get a rave review, i.e., 'full stealth' and 'your computer doesn't even
> appear to exist'. One bit of good advice on the Shields Up site:
> A FALSE sense of security is worse than being unsure.
> --
> Tom Brinkman   [EMAIL PROTECTED] Galveston Bay

I tried the Secure Design site and the only ports I have open are 1024 and 1025
which, the report says, are for RFS - Remote File Sharing. Could anyone tell
me what these ports are used for, what L-M 7.2 program controls them, and if
this is a "bad thing" to have open? I have a small, home LAN that is only used
for IP/phone line sharing and there is no real need for any kind of file
sharing.

-- 

David Boles
[EMAIL PROTECTED]
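A local check that complements an external scan like the one David ran, added here as example code (not from the thread or from any of the tools it mentions): parse `netstat -tuln`-style output, constructed below, and compare every listener bound to a non-loopback address against an allow-list of the services the gateway is meant to expose. The sample output, the allow-list, the regular expression and the function names are assumptions.

```python
import re

# Constructed `netstat -tuln` output for a small home gateway (not from the thread).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1025            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:67              0.0.0.0:*
udp        0      0 192.168.1.1:53          0.0.0.0:*
"""

# Assumed allow-list: services this gateway is meant to offer (ssh for admin,
# DHCP and DNS for the LAN). Anything else listening on a non-loopback address
# is a finding to investigate, not automatically a compromise.
ALLOWED = {("tcp", 22), ("udp", 67), ("udp", 53)}

# One netstat row: proto, two queue counters, then local address:port.
LINE_RE = re.compile(r"^(?P<proto>tcp|udp)6?\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s")


def parse_listeners(text):
    """Return (proto, local_addr, port) for each socket row in netstat -tuln output."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m["proto"], m["addr"], int(m["port"])))
    return found


def unexpected_listeners(listeners, allowed=ALLOWED):
    """Listeners reachable from a network interface that are not on the allow-list."""
    findings = []
    for proto, addr, port in listeners:
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only services are not reachable from the cable side
        if (proto, port) not in allowed:
            findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(parse_listeners(SAMPLE_NETSTAT)):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

On the box itself, running `netstat -tulnp` as root adds the owning PID and program name to each row, which answers the question of which program holds a given port; once the program is known, the decision is simply whether the LAN needs it (then bind it to the internal interface only) or not (then stop it), with the firewall's DENY rule as the second layer rather than the only one.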





Re: [newbie] Advice needed on firewall...

2000-12-28 Thread Mark Weaver

On Thursday 28 December 2000 14:59, you wrote:
> On Wednesday 27 December 2000 08:27 pm, Michael O'Henly wrote:
> > I've tested this
> > network with Shields Up and it does indeed appear not to be visible
> > to casual miscreants.
> > PMfirewall is available at ... http://www.pointman.org/
> > Shields Up is available at... https://grc.com/x/ne.dll?bh0bkyd
>
> http://www.sdesign.com/securitytest/ Complete scan is a much better
> test than Shields Up. Test takes 30 minutes or more and they email
> you a full report. Still, a clean bill of health from them doesn't
> mean your system's bulletproof either.
>
> IMO, Shields Up is actually a disservice. Even vulnerable systems
> get a rave review, i.e., 'full stealth' and 'your computer doesn't even
> appear to exist'. One bit of good advice on the Shields Up site:
> A FALSE sense of security is worse than being unsure.

It's also a good idea to layer your system's security instead of expecting one
app or tool to do the entire job for you, i.e. ipchains and PortSentry. This
is a simple layer model that works nicely on most home machines.
-- 
Mark

"If you don't share your concepts and ideals, they end up being worthless," 
"Sharing is what makes them powerful."

Linus Torvalds




[newbie] Advice needed on firewall...

2000-12-27 Thread Michael O'Henly

Hi...

I've installed LM7.2 with "medium" security. I would have chosen a higher 
level but I found LM's documentation on security unclear and confusing.

I know that I need to close some ports -- and I also want to use my Linux 
host to masquerade IPs for a couple of other machines. Ideally, I'd like 
closed ports to DENY rather than REJECT, and I'd like logging of connection 
attempts.

My impression is that DrakConf's "internet connection sharing" command runs a 
DHCP server and masquerades IPs. This is more than I need (DHCP) but it works 
so I'll use it.

I'm also looking at pmfirewall http://www.pointman.org/ to provide a 
firewall. It looks well-documented and well-supported, and is based on 
IPCHAINS.

Questions:

1. Does "internet connection sharing" create any kind of a firewall on its 
own? I notice that if you use the command more than once, you get a warning 
that "an existing firewall" has been detected...

2. Is there any overlap between "internet connection sharing" (as implemented 
by LM) and pmfirewall? pmfirewall asks whether you're running a DHCP server 
and masquerading IPs, so I think it generates a script that takes into 
account these things. I just don't want to wind up in a situation where 
they're both applying IPCHAINS rules and perhaps conflicting.

3. If you have any other advice about how to protect a 1-Linux / 2-Mac home 
network using the Linux box, two ethernet cards and a cable connection, I'd 
be very interested.

Many thanks.

M.