Re: [newbie] Security for Mandrake
At 05:14 25.10.2001 -0400, you wrote: >Hi all, > >This is probably a FAQ, but I can't find the answer in the >e-mails I have so far Some background is needed. > >In common with quite a few people, I would expect, I'm a >long-time Windows hack trying out Linux because of Borland's >Kylix, aka Delphi for Linux. I'm starting from as near zero >knowledge of Linux as makes no difference. > >Living in a very rural area of Pennsylvania, I have a choice of >exactly one cable access provider, and they're a bit paranoid, to >put it mildly. They've managed to configure their access systems >in such a way as to (deliberately!) prevent use of a router as a >hardware firewall, unless you buy their much more expensive >"commercial" access. > >Now, when my machine is booted in Windows, I see an average of >something like 30 unauthorised access attempts a day (the >24.x.y.z IP address of most cable modems is an open invitation). >So far as Windows is concerned, I use Zone Alarm as a software >firewall, and everyone is reasonably happy (even if I'm still a >bit annoyed about having a perfectly good router sitting on my >desk doing nothing). > >I have two questions. > >1) Is there an equivalent to Zone Alarm for the Linux world - a >software firewall that will work "out of the box"? yes there is - its called ipchains for 2.2.x kernels and iptables for 2.4.x kernels. ipchains/iptables is a part of linux and it offers the possibility to build up a real packet filter firewall by configuring a set of rules for your computer. if u really want to understand what ipchains does and how it does - and if u want to build up your own firewall with your own ruleset i would suggest u reading : 1) for ipchains the IPCHAINS-HOWTO 2) for iptables : man iptables, netfilter-hacking howto, iptables-howto, packetfilter-howto if u just want a quick and easy firewall u can try bastille firewall or tiny firewall (i dunno whether its the same) u can configure it with a gui within the mandrake control center (drakconf), theres a menu-item "firewall" under security. i dont know much about it because personally i prefer to build my own rules, but basically what it will do is, ask u a set of questions and build a ruleset related to your answers. search the mailing list archives for subject "bastille" and it should come up with numerous postings regarding bastille firewall(its a frontend to ipchains/iptables i think) >2) If there isn't such a firewall, I'm being swamped by the >amount of documentation that I need to read - is there a Newbie's >guide to Linux security out there somewhere that will mean that I >can block out the hackers while I'm learning the rest of the OS? an excellent source for documentation of all kind is www.linuxdoc.org - they offer all the howtos and also guides (check these out - theres a linux security guide too i think) >Thanks, hth --quay - Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Security for Mandrake
Ipchains and or socks can be set up so that no client information is reported back. Since most NAT implementations vary, it's extemely difficult for a single technique to detect Masq'd packets. Rather most of these things rely on information passed by the host itself to the remote. Web Browsers, etc. can report things like IP address, hostnames, etc. if queried or sent by the client. Squid can be configured to report itself as a simple browser. Once done remote systems relying upon the characteristics of the requestor are unable to tell the difference. BTW: If you got to the point that the Mac list (as in Apple?) could tell your IP, then your provider does not seem to be blocking proxies and NAT at all. Check out MSN's new web page. It determines the browser you are utilizing based upon initial info sent by the client. Konqueror ALMOST fools MSN... -JMS |-Original Message- |From: Anke & Max [mailto:[EMAIL PROTECTED]] |Sent: Thursday, October 25, 2001 8:27 PM |To: [EMAIL PROTECTED] |Cc: [EMAIL PROTECTED] |Subject: Re: [newbie] Security for Mandrake | | | |Jose M. Sanchez answered Brian's questions on Thursday, |October 25, 2001 | |> |Living in a very rural area of Pennsylvania, I have a choice of |> |exactly one cable access provider, and they're a bit |paranoid, to put |> |it mildly. They've managed to configure their access |systems in such |> |a way as to (deliberately!) prevent use of a router as a hardware |> |firewall, unless you buy their much more expensive "commercial" |> |access. |> | |> |> If Linux can access the internet, there is really no way for them to |> detect it's usage as a IPCHAINS/NAT MASQ host. |> |> Many ISP's are set up to only authorize a specific host, etc. Since |> MASQ makes all the trafic appear to come from one host, it will work |> where other systems fail. | |Which tells me, then our system must be set up wrong. When I |subscribed to a Mac list last week, they could tell me which |internal win98 PC IP address the request came from. I thought |this was wrong but haven't had time to look further. We are |running 2.2.15-4mdksecure and Mandrake 7.1. Where do I start |looking to stop this information from going out and masq |properly? Thanks in advance | |Max | | Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Security for Mandrake
In reply to Ricardo Castanho de O. Freitas's words, written Thu, 25 Oct 2001 16:30:00 -0200 (BRST) >Out of the box... I don't know! but I like, use the pcx_firewall! >The default instalation is pretty good! >You can also install Bastille! It comes on mdk8.1! >In the past I used to have Bastille on my system, now I prefer pcx, though >I haven't seen the last 'editions' of Bastille! I run Bastille on 8.0 and it is very good. InteractiveBastille makes it a breeze to set it up and update the settings. Paul -- One thing you will probably remember well is anytime you forgive and forget. -Franklin P. Jones http://nlpagan.net - Registered Linux User 174403 Linux Mandrake 8.0 - Sylpheed 0.6.3 claws Open Source, Open Minds. Linux. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Security for Mandrake
On Thu, 25 Oct 2001, Brian Meadows wrote: Out of the box... I don't know! but I like, use the pcx_firewall! The default instalation is pretty good! You can also install Bastille! It comes on mdk8.1! In the past I used to have Bastille on my system, now I prefer pcx, though I haven't seen the last 'editions' of Bastille! []s > > Hi all, > > This is probably a FAQ, but I can't find the answer in the > e-mails I have so far Some background is needed. > > In common with quite a few people, I would expect, I'm a > long-time Windows hack trying out Linux because of Borland's > Kylix, aka Delphi for Linux. I'm starting from as near zero > knowledge of Linux as makes no difference. > > Living in a very rural area of Pennsylvania, I have a choice of > exactly one cable access provider, and they're a bit paranoid, to > put it mildly. They've managed to configure their access systems > in such a way as to (deliberately!) prevent use of a router as a > hardware firewall, unless you buy their much more expensive > "commercial" access. > > Now, when my machine is booted in Windows, I see an average of > something like 30 unauthorised access attempts a day (the > 24.x.y.z IP address of most cable modems is an open invitation). > So far as Windows is concerned, I use Zone Alarm as a software > firewall, and everyone is reasonably happy (even if I'm still a > bit annoyed about having a perfectly good router sitting on my > desk doing nothing). > > I have two questions. > > 1) Is there an equivalent to Zone Alarm for the Linux world - a > software firewall that will work "out of the box"? > > 2) If there isn't such a firewall, I'm being swamped by the > amount of documentation that I need to read - is there a Newbie's > guide to Linux security out there somewhere that will mean that I > can block out the hackers while I'm learning the rest of the OS? > > Thanks, > > Brian. > > -- == Linux user # 102240 => Machine # 96125 => Seti@home user == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Security for Mandrake
|-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED]] On Behalf Of Brian Meadows |Sent: Thursday, October 25, 2001 5:14 AM |To: [EMAIL PROTECTED] |Subject: [newbie] Security for Mandrake | | | |Living in a very rural area of Pennsylvania, I have a choice |of exactly one cable access provider, and they're a bit |paranoid, to put it mildly. They've managed to configure their |access systems in such a way as to (deliberately!) prevent use |of a router as a hardware firewall, unless you buy their much |more expensive "commercial" access. | If Linux can access the internet, there is really no way for them to detect it's usage as a IPCHAINS/NAT MASQ host. Many ISP's are set up to only authorize a specific host, etc. Since MASQ makes all the trafic appear to come from one host, it will work where other systems fail. -JMS Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
