-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 27 May 2003 12:43, zentara wrote:

On Tue, 27 May 2003 11:07:12 -0500

John wrote:

...

Next quicky question...when I did a nanoprobe test of all services ports http://nanoprobe.grc.com/, I have port 113 'closed' instead of 'stealth'. Okay, this one I'll need to ask the tech guys at my ISP if I can actually stealth this, am I correct? Since it's the ident port? All other ports were 'stealth', but I also failed the ping test (icmp echo). Is there a way to make it so that my machine doesn't answer 'pings'? This is just a plain ol' everyday machine, not running anything special, I use it for mail, surfin', and not a whole lot else.

Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?

Read the /sbin/SuSEfirewall2 script and search for 113. Yyou can stealth it if you want. I have, and don't have problems with my isp, other than alot of 113 packets dropped in my firewall logs.

Be prepared for posts telling you not to do it though. :-)

Heh...so far yours is the only answer Zentara. I've been waiting to hear any other opinions before I called my ISP and asked them if I can stealth 113. Still haven't heard anything at all about the 'ping' question though from anyone. Is there a way to 'not' answer 'pings'? If there is, is it done in SuSEFirewall2 also? John - -- I needed fresh bugs for my SuSE gecko, and Linux penguin. So I went out and caught this huge ugly blue and red and green and yellow butterfly. They won't need fresh food for 3 months now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+2sYkH5oDXyLKXKQRArh1AJ49lYPmws5ppEeInwHVL0q72f/ujQCguUkZ YxSV+XM8puTY1eMz5yKJfuQ= =xdwI -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 01 June 2003 23:05, John Andersen wrote:

On Sunday 01 June 2003 19:35, John wrote:

...

...

...

Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?

Read the /sbin/SuSEfirewall2 script and search for 113. Yyou can stealth it if you want. I have, and don't have problems with my isp, other than alot of 113 packets dropped in my firewall logs.

Be prepared for posts telling you not to do it though. :-)

Heh...so far yours is the only answer Zentara. I've been waiting to hear any other opinions before I called my ISP and asked them if I can stealth 113.

You shouldn't need any permission to stealth that. Its your computer. The down side is occasional slow mail delivery outbound when they query back. You have to wait for it to time out (sometimes as much as 30 seconds) for each email you send.

Instant rejection is the preferred method. But if you want to drop these packets, you may considder a rule that allows them from certain hosts such as any you forward your mail to.

-- _____________________________________ John Andersen

Okay, thanks John. I'd just thought that if I stealthed that port, that my ISP might drop my connection more often since they wouldn't be able to 'ident' me (but I guess this is where my running GAIM during the time I'm on the 'net will allow me to stay up). What do you mean by "instant rejection"? Remember, I'm network stupid (much worse than 'ignorant', because I just can't seem to understand this stuff no matter *how* much I read or ask), and me trying to 'make some rules', would be like dropping me into the head supervisor's seat at NASA during a shuttle launch...things would instantaneously start to 'go wrong'. John - -- I needed fresh bugs for my SuSE gecko, and Linux penguin. So I went out and caught this huge ugly blue and red and green and yellow butterfly. They won't need fresh food for 3 months now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+23M8H5oDXyLKXKQRAoNuAJ4zw/DXiwgb55owM+lntWJPod57dgCdG4Hi wwiF+76hHvrSnMALhnF/3mA= =ZZw0 -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 02 June 2003 11:24, Togan Muftuoglu wrote: <snip>

--reject-with tcp-reset

have a look at http://sourceforge.net/rojects/susefaq for the SuSEfirewall2 documentation. The Ident is explained in addition to other finer controls to the SuSEfirewall2

--

Togan Muftuoglu

Thanks Togan, I downloaded it and read it (still quite confusing, but that's me), and did get enough out of it to learn that with SuSE's firewall, on grc's nanoprobe, it will show 'closed' and not 'stealth', but it actually *is* stealth...it's just doing that special thing I asked a while back about. Cool. heh. As for the ping stuff...I guess I'm just gonna leave everything as it is, stock setup, it's working well enough, and I seriously doubt anyone will DDoS me, since I run no services and don't do a lot but email, and surfing to learn stuff. By the way Togan, how can I help with your unofficial FAQ? There were spelling and punctuation errors (not a whole lot, but noticeable), and I figure I can maybe help if you need it. Holler at me off-list if ya want to, the email address is correct. John - -- I needed fresh bugs for my SuSE gecko, and Linux penguin. So I went out and caught this huge ugly blue and red and green and yellow butterfly. They won't need fresh food for 3 months now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE+3LYuH5oDXyLKXKQRAkZzAJ9HRKoVg0bEksSSH5BP+r7QXERCvwCeIOrB JoADCFp80KjbRHrjODb8VEk= =3tYX -----END PGP SIGNATURE-----