Hi gang,

I ran lsat a few days ago, and finally stumbled on the output log. It's suggesting I rid myself of portmap. I did a 'man portmap' and a 'man rpc', and they both might as well have been written in latin. But I think I picked up on enough to guess that if I'm not running any kind of server for the internet (a server being something someone from 'outside' my own home can use?), then I really don't need portmap...is this correct? When I tried 'rpcinfo -p', I got back portmap on 111, twice, so I guess it's the only thing 'open'?

Next quicky question...when I did a nanoprobe test of all services ports http://nanoprobe.grc.com/, I have port 113 'closed' instead of 'stealth'. Okay, this one I'll need to ask the tech guys at my ISP if I can actually stealth this, am I correct? Since it's the ident port? All other ports were 'stealth', but I also failed the ping test (icmp echo). Is there a way to make it so that my machine doesn't answer 'pings'? This is just a plain ol' everyday machine, not running anything special, I use it for mail, surfin', and not a whole lot else.

Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?

Thanks for the help as always.

John

--
I needed fresh bugs for my SuSE gecko, and Linux penguin. So I went out and caught this huge ugly blue and red and green and yellow butterfly. They won't need fresh food for 3 months now.
On Tue, 27 May 2003 11:07:12 -0500
John
Next quicky question...when I did a nanoprobe test of all services ports http://nanoprobe.grc.com/, I have port 113 'closed' instead of 'stealth'. Okay, this one I'll need to ask the tech guys at my ISP if I can actually stealth this, am I correct? Since it's the ident port? All other ports were 'stealth', but I also failed the ping test (icmp echo). Is there a way to make it so that my machine doesn't answer 'pings'? This is just a plain ol' everyday machine, not running anything special, I use it for mail, surfin', and not a whole lot else.
Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?
Read the /sbin/SuSEfirewall2 script and search for 113. You can stealth it if you want. I have, and don't have problems with my isp, other than a lot of 113 packets dropped in my firewall logs.

Be prepared for posts telling you not to do it though. :-)

--
use Perl; #powerful programmable prestidigitation
On Tuesday 27 May 2003 12:43, zentara wrote:
On Tue, 27 May 2003 11:07:12 -0500 John wrote:
Next quicky question...when I did a nanoprobe test of all services ports http://nanoprobe.grc.com/, I have port 113 'closed' instead of 'stealth'. Okay, this one I'll need to ask the tech guys at my ISP if I can actually stealth this, am I correct? Since it's the ident port? All other ports were 'stealth', but I also failed the ping test (icmp echo). Is there a way to make it so that my machine doesn't answer 'pings'? This is just a plain ol' everyday machine, not running anything special, I use it for mail, surfin', and not a whole lot else.
Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?
Read the /sbin/SuSEfirewall2 script and search for 113. You can stealth it if you want. I have, and don't have problems with my isp, other than a lot of 113 packets dropped in my firewall logs.
Be prepared for posts telling you not to do it though. :-)
Heh...so far yours is the only answer Zentara. I've been waiting to hear any other opinions before I called my ISP and asked them if I can stealth 113.

Still haven't heard anything at all about the 'ping' question though from anyone. Is there a way to 'not' answer 'pings'? If there is, is it done in SuSEFirewall2 also?

John
On Sunday 01 June 2003 19:35, John wrote:
Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?
Read the /sbin/SuSEfirewall2 script and search for 113. You can stealth it if you want. I have, and don't have problems with my isp, other than a lot of 113 packets dropped in my firewall logs.
Be prepared for posts telling you not to do it though. :-)
Heh...so far yours is the only answer Zentara. I've been waiting to hear any other opinions before I called my ISP and asked them if I can stealth 113.
You shouldn't need any permission to stealth that. It's your computer. The down side is occasional slow mail delivery outbound when they query back. You have to wait for it to time out (sometimes as much as 30 seconds) for each email you send.

Instant rejection is the preferred method. But if you want to drop these packets, you may consider a rule that allows them from certain hosts such as any you forward your mail to.

--
_____________________________________
John Andersen
On Sunday 01 June 2003 23:05, John Andersen wrote:
On Sunday 01 June 2003 19:35, John wrote:
Steve talked about how ZoneAlarm "adaptively stealths" port 113, is there some way to get SuSEFirewall2 to do this also?
Read the /sbin/SuSEfirewall2 script and search for 113. You can stealth it if you want. I have, and don't have problems with my isp, other than a lot of 113 packets dropped in my firewall logs.
Be prepared for posts telling you not to do it though. :-)
Heh...so far yours is the only answer Zentara. I've been waiting to hear any other opinions before I called my ISP and asked them if I can stealth 113.
You shouldn't need any permission to stealth that. It's your computer. The down side is occasional slow mail delivery outbound when they query back. You have to wait for it to time out (sometimes as much as 30 seconds) for each email you send.
Instant rejection is the preferred method. But if you want to drop these packets, you may consider a rule that allows them from certain hosts such as any you forward your mail to.
-- _____________________________________ John Andersen
Okay, thanks John. I'd just thought that if I stealthed that port, that my ISP might drop my connection more often since they wouldn't be able to 'ident' me (but I guess this is where my running GAIM during the time I'm on the 'net will allow me to stay up).

What do you mean by "instant rejection"? Remember, I'm network stupid (much worse than 'ignorant', because I just can't seem to understand this stuff no matter *how* much I read or ask), and me trying to 'make some rules', would be like dropping me into the head supervisor's seat at NASA during a shuttle launch...things would instantaneously start to 'go wrong'.

John
* John;
Okay, thanks John. I'd just thought that if I stealthed that port, that my ISP might drop my connection more often since they wouldn't be able to 'ident' me (but I guess this is where my running GAIM during the time I'm on the 'net will allow me to stay up). What do you mean by "instant rejection"? Remember, I'm network stupid (much worse than 'ignorant', because I just can't seem to understand this stuff no matter *how* much I read or ask), and me trying to 'make some rules', would be like dropping me into the head supervisor's seat at NASA during a shuttle launch...things would instantaneously start to 'go wrong'.
--reject-with tcp-reset

have a look at http://sourceforge.net/rojects/susefaq for the SuSEfirewall2 documentation. The Ident is explained in addition to other finer controls to the SuSEfirewall2

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
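The three ways of handling inbound ident queries discussed in this thread, written out as plain iptables rules (an added example, not part of any poster's message and not SuSEfirewall2's own code). The INPUT chain and the 192.0.2.25 host are assumptions; the function only prints the rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for inbound ident (TCP 113).
# The INPUT chain and the sample host are assumptions, not SuSEfirewall2 output.

# ident_rules MODE [TRUSTED_HOST...]
#   reject : answer with a TCP RST ("instant rejection"); a scanner reports "closed"
#   drop   : stay silent ("stealth"); the querying server waits for its own timeout
#   allow  : let the listed hosts through, silently drop everyone else
ident_rules() {
    mode=$1
    [ $# -gt 0 ] && shift
    case $mode in
        reject)
            echo "iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset"
            ;;
        drop)
            echo "iptables -A INPUT -p tcp --dport 113 -j DROP"
            ;;
        allow)
            [ $# -gt 0 ] || { echo "allow mode needs at least one host" >&2; return 2; }
            for host in "$@"; do
                # Refuse anything that is not a plain address or hostname
                case $host in
                    ''|-*|*[!A-Za-z0-9./-]*)
                        echo "bad host: $host" >&2; return 2 ;;
                esac
            done
            for host in "$@"; do
                # With no identd listening, the kernel itself answers these with a RST,
                # so trusted mail hosts get a fast "no" instead of a timeout.
                echo "iptables -A INPUT -p tcp -s $host --dport 113 -j ACCEPT"
            done
            # Order matters: the catch-all DROP must come after the ACCEPTs
            echo "iptables -A INPUT -p tcp --dport 113 -j DROP"
            ;;
        *)
            echo "usage: ident_rules reject|drop|allow [host...]" >&2; return 2
            ;;
    esac
}

# Constructed sample: 192.0.2.25 stands in for a mail relay you send through
ident_rules allow 192.0.2.25
```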
On Monday 02 June 2003 11:24, Togan Muftuoglu wrote: <snip>
--reject-with tcp-reset
have a look at http://sourceforge.net/rojects/susefaq for the SuSEfirewall2 documentation. The Ident is explained in addition to other finer controls to the SuSEfirewall2
--
Togan Muftuoglu
Thanks Togan, I downloaded it and read it (still quite confusing, but that's me), and did get enough out of it to learn that with SuSE's firewall, on grc's nanoprobe, it will show 'closed' and not 'stealth', but it actually *is* stealth...it's just doing that special thing I asked a while back about. Cool. heh.

As for the ping stuff...I guess I'm just gonna leave everything as it is, stock setup, it's working well enough, and I seriously doubt anyone will DDoS me, since I run no services and don't do a lot but email, and surfing to learn stuff.

By the way Togan, how can I help with your unofficial FAQ? There were spelling and punctuation errors (not a whole lot, but noticeable), and I figure I can maybe help if you need it. Holler at me off-list if ya want to, the email address is correct.

John
* John;
By the way Togan, how can I help with your unofficial FAQ? There were spelling and punctuation errors (not a whole lot, but noticeable), and I figure I can maybe help if you need it. Holler at me off-list if ya want to,
The easiest way currently is to submit it via the http://sourceforge.net/projects/susefaq page.

For SuSEFirewall2 please use http://sourceforge.net/tracker/?atid=509170&group_id=42064&func=browse

and for the FAQ please use http://sourceforge.net/tracker/?atid=439827&group_id=42064&func=browse

The XML source of the SuSEfirewall2 document is not up to date on the CVS server of Sourceforge so getting it via CVS would not help.

On the other hand for the FAQ sources the CVS is up to date and I can work with a diffed patch for the grammar/spelling corrections. To get the CVS version of the FAQ visit http://sourceforge.net/cvs/?group_id=42064 and for the module name use faq_sgml

Thanks for the help offer

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
participants (4): John, John Andersen, Togan Muftuoglu, zentara