Re[2]: [newbie] [Fwd: [Mandrake Off Topic] LICQ/Dynamically opening ports in Linksys router]
At 11:44 AM 6/23/2003 -0700, you wrote:

> Hello Technoslick,
>
> SNIPs some puppy dog tails
>
> I've been snooping, as time permits. There are SI firewalls available, but I have yet to find an app-aware linux fw. It seems as though the fw's are based on iptables (a kernel function, as I understand it), and iptables does not include the capability of being app-aware. If this is not correct, or if any of you experts have a better picture of this, please let me know. Still learnin...
>
> --
> Thank you,
> rikona                          mailto:[EMAIL PROTECTED]

AFAIK there are no SI FW's available for doing app aware targeting... a proxy MAY be able to be configured to do so... but it is beyond my humble knowledge as to how this would be accomplished.

- FemmeFatale, aka The Skirt

Good Decisions Your boss Made:
We'll do as you suggest and go with Linux. I've always liked that character from Peanuts.
- Source: Dilbert

Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re[2]: [newbie] [Fwd: [Mandrake Off Topic] LICQ/Dynamically opening ports in Linksys router]
Hello Technoslick,

Monday, June 16, 2003, 12:00:42 PM, you wrote:

T> No, thankfully. It just has to be an executable that shows itself
T> in calling for services through ports that need to be opened.

Are you certain that it actually knows that the exact app is running on the original computer? This might be just port triggering in which ANY app on *THAT* computer will trigger the port to open, with returned packets routed to that IP. (The router remembers the IP address, NOT the app running). It might be that the app name is just there to help the reader remember which app is using which ports that are being triggered.

You could check this by having two apps that use the same port. Place one app name in the router table, but run the other app on the same machine, and see if it opens the port anyway.

BTW, port triggering does not need H.323 to work, and would work with the linux box, for any app, just as well.

Dynamic port triggering is certainly better than static port opening. I am comforted by having the fw first check the md5 signature of the designated app - if it's OK, then open the port for that app only.

T> Exactly. If you have ICQ (continuing the example) run at different
T> times over the network by different clients, you would need to go
T> into DMZ just to keep up with the requests. If you do that, it
T> can't be a firewall anymore.

T> To provide software firewalls on each client that would do this as
T> needed, you still would have to put the router's firewall into DMZ or
T> nothing gets through the firewall barrier to the Web.

Not necessarily. A stateful inspection firewall can provide protection without needing to create a DMZ. I run a SI firewall, with app-aware fw's on each computer. The SI firewall does not need a DMZ (at least for this purpose). The app-aware fw's allow ONLY a specified app for the designated port(s), and will deny the same port(s) to any other app.

T> Gnomemeeting is supposed to be a NetMeeting clone/client. It's got
T> to be as much a security issue in Linux as in the Windows
T> environment.

If it needs all those ports, then yes, it would be a big risk. If you need to leave that many ports open, why bother with a firewall? :-)

--
Thank you,
rikona                          mailto:[EMAIL PROTECTED]
Re[2]: [newbie] [Fwd: [Mandrake Off Topic] LICQ/Dynamically opening ports in Linksys router]
Hello Anne,

Monday, June 16, 2003, 12:27:17 PM, you wrote:

AW> As I have stated before, I have a similar interest, in that I also
AW> want to use video-conferencing, so I have done quite a bit of
AW> reading on the subject.

Actually, my interest is only in the privacy/security aspects. I have no interest (yet) in video-conferencing or telephony, which seems to be where H.323 is used.

I have, on several occasions, had an individual app-aware firewall report that some pgm is trying to access the net. This has been helpful in detecting call-home junk that may have ended up on my comp. This junk sometimes comes with commercial pgms, too.

Since there doesn't seem to be a linux app-aware firewall, I was interested in a centralized solution. The key is that the firewall has to know about EVERY possible access, even from pgms that try to hide their call home. Highly unlikely they would use H.323. :-))

--
Thank you,
rikona                          mailto:[EMAIL PROTECTED]
Re: Re[2]: [newbie] [Fwd: [Mandrake Off Topic] LICQ/Dynamically opening ports in Linksys router]
although this isn't the solution you want, netstat can still be your friend :)

to see what is happening on your machine (assuming you haven't been rooted but then all approaches are moot) use:

netstat -tuap

to see all connections that are tcp or udp but not unix sockets, this will show both listening and connected, the 'p' will show associated pid/program name but you might have to be root to see all that particular info :)

netstat --help for more info

bascule

On Monday 16 Jun 2003 9:22 pm, rikona wrote:
> Since there doesn't seem to be a linux app-aware firewall, I was interested in a centralized solution. The key is that the firewall has to know about EVERY possible access, even from pgms that try to hide their call home. Highly unlikely they would use H.323. :-))

--
We only remembers that the elves sang. We forgets what it was they were singing about. (Lords and Ladies)
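An added example, not from the list or any poster, that takes `netstat -tuap` output as described above and approximates the per-application port rule rikona describes: a constructed sample of netstat output, a hypothetical policy naming the one program allowed on each port, and a check that flags any other program on that port (or a socket whose owner netstat could not show because it was not run as root).

```python
import collections

# Constructed sample of `netstat -tuap` output, not captured from a real host.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      712/sshd
tcp        0      0 192.168.1.5:1024        64.12.24.10:5190        ESTABLISHED 2213/licq
udp        0      0 0.0.0.0:1720            0.0.0.0:*                           2230/gnomemeeting
tcp        0      0 192.168.1.5:1025        10.9.8.7:5190           ESTABLISHED 2350/updater
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      -
"""

Conn = collections.namedtuple("Conn", "proto local remote state prog")

def parse_netstat(text):
    """Turn `netstat -tuap` rows into Conn records; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue
        fields = line.split()
        # udp rows carry no State column, so PID/Program is always the last field
        state = fields[5] if len(fields) == 7 else ""
        _pid, _, prog = fields[-1].partition("/")   # "-" means owner not visible
        conns.append(Conn(fields[0], fields[3], fields[4], state, prog))
    return conns

# Hypothetical policy in the spirit of an app-aware rule: each port belongs to
# one designated program, and any other program using that port is a finding.
POLICY = {"22": "sshd", "5190": "licq", "1720": "gnomemeeting"}

def port_of(addr):
    return addr.rsplit(":", 1)[1]

def violations(conns, policy=POLICY):
    """Return (program, port, reason) for every row that breaks the policy."""
    found = []
    for c in conns:
        # established flows are judged by the remote port, listeners by the local one
        port = port_of(c.remote) if c.state == "ESTABLISHED" else port_of(c.local)
        owner = policy.get(port)
        if c.prog == "":
            found.append(("?", port, "owner not visible, rerun netstat as root"))
        elif owner is None:
            found.append((c.prog, port, "port not in policy"))
        elif c.prog != owner:
            found.append((c.prog, port, "port reserved for " + owner))
    return found
```

Feeding it the sample flags `updater` for talking to 5190 (reserved for licq) and the X11 listener on 6000 whose owner was hidden; on a real host, pipe the output of `netstat -tuap` run as root into `parse_netstat`.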
Re[2]: [newbie] [Fwd: [Mandrake Off Topic] LICQ/Dynamically opening ports in Linksys router]
Hello Technoslick,

Monday, June 16, 2003, 3:50:17 PM, you wrote:

T> My Linksys is a BEFSR41. Four fully Switched ports, Cable Modem or
T> DSL capable.

It looks as though the Linksys may be getting the app info from Zone Alarm, which MUST be on each local computer for it to work in that mode (as I read it quickly). ZA is an app-aware fw, and could relay that info to the Linksys. I'm not sure I understand the advantage of this since ZA must be on each computer anyway.

T> If I can figure out how to get Linux to use the Port Triggering, I'll
T> let you know.

It might help if you could find out how the Linksys gets this app info.

--
Thank you,
rikona                          mailto:[EMAIL PROTECTED]