I have installed suse firewall 1&2 (suse 7.3) with masquerading other computer was shut off, and did a firewall test at www.grc.com
my user name (they think), computername & workgroupname traceable
the port testing result:
port 113 ident: closed
port 5000 Upnp: closed
should this be avoided, and if yes, How?
piet roorda
Hi

No worries... I have found that in my servers the default settings of SuSEfirewall are quite good. The main thing is to follow the news on whether there are any security issues with services that You have open to the outside (ftp, http, ssh, pop, smtp etc.). If You don't use them, then disable those from inetd.conf and other places. Don't keep any unconfigured services!

Others may disagree with me, but SuSEfirewall is "good enough" protection in the beginning. Later on, when You get more into Linux, You can write Your own iptables script and have everything as You like it to be.

Jaska.

On Tuesday 05 March 2002 23:55, Piet Roorda wrote:
> I have installed suse firewall 1&2 (suse 7.3) with masquerading other computer was shut off, and did a firewall test at www.grc.com
> my user name (they think), computername & workgroupname traceable
> the port testing result:
> port 113 ident: closed
> port 5000 Upnp: closed
> should this be avoided, and if yes, How?
> piet roorda
On Tue, 05 Mar 2002 22:55:05 +0100 Piet Roorda wrote:
> I have installed suse firewall 1&2 (suse 7.3) with masquerading other computer was shut off, and did a firewall test at www.grc.com
> my user name (they think), computername & workgroupname traceable
> the port testing result:
> port 113 ident: closed
> port 5000 Upnp: closed

You are closed up, so no problems. It's just that those ports are having their packets "returned" instead of "dropped" into oblivion. The only way the scanner can tell you are "closed on a port" is if the firewall returns the packet. If the firewall drops the packet, the scanner doesn't know if you are online or not, it just waits forever for a response.

If you read the /sbin/SuSEFirewall2 script, it explains that port 113 is used as identification for some email servers and instead of "dropping" the packets, it's preferable to "return" them, so they at least know your ip address is online. You can comment those lines out if you wish, and your port 113 will be "stealth"....not responding. Most dialup users can do this.

For port 5000, edit the /etc/rc.config.d/firewall2.rc.config file. Set the following:

    FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
    FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain time ntp"

Then go back and run the test at grc.com

--
$|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1); for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}
zentara wrote:
> On Tue, 05 Mar 2002 22:55:05 +0100 Piet Roorda wrote:
> > I have installed suse firewall 1&2 (suse 7.3) with masquerading other computer was shut off, and did a firewall test at www.grc.com
> > my user name (they think), computername & workgroupname traceable
> > the port testing result:
> > port 113 ident: closed
> > port 5000 Upnp: closed
>
> You are closed up, so no problems. It's just that those ports are having their packets "returned" instead of "dropped" into oblivion. The only way the scanner can tell you are "closed on a port" is if the firewall returns the packet. If the firewall drops the packet, the scanner doesn't know if you are online or not, it just waits forever for a response.
>
> If you read the /sbin/SuSEFirewall2 script, it explains that port 113 is used as identification for some email servers and instead of "dropping" the packets, it's preferable to "return" them, so they at least know your ip address is online. You can comment those lines out if you wish, and your port 113 will be "stealth"....not responding. Most dialup users can do this.
>
> For port 5000, edit the /etc/rc.config.d/firewall2.rc.config file. Set the following:
>
>     FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
>     FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain time ntp"
>
> Then go back and run the test at grc.com

thanks for the explanation, can you expand a bit on how they're being able to retrieve workgroup and computername? should I consider this a woe or a blessing?
piet
On Wednesday 06 March 2002 04.50, Piet Roorda wrote:
> thanks for the explanation, can you expand a bit on how they're being able to retrieve workgroup and computername? should I consider this a woe or a blessing?

How did you surf into their site? Could they be getting that info from the browser perhaps?
//Anders
Anders Johansson wrote:
> On Wednesday 06 March 2002 04.50, Piet Roorda wrote:
> > thanks for the explanation, can you expand a bit on how they're being able to retrieve workgroup and computername? should I consider this a woe or a blessing?
>
> How did you surf into their site? Could they be getting that info from the browser perhaps?
> //Anders

My browser is mozilla 0.94
piet
On Wednesday 06 March 2002 05.20, Piet Roorda wrote:
> Anders Johansson wrote:
> > On Wednesday 06 March 2002 04.50, Piet Roorda wrote:
> > > thanks for the explanation, can you expand a bit on how they're being able to retrieve workgroup and computername? should I consider this a woe or a blessing?
> >
> > How did you surf into their site? Could they be getting that info from the browser perhaps?
> > //Anders
>
> My browser is mozilla 0.94
> piet

OK, I assume you're running either windows or samba, since otherwise "workgroup" means nothing. And if ports 137, 138 and 139 are blocked in the firewall, the browser is the only thing that could possibly give them that information. I strongly doubt it gives any samba related info on a linux box, but I don't know what it does on windows.
//Anders
Anders Johansson wrote:
> On Wednesday 06 March 2002 05.20, Piet Roorda wrote:
> > Anders Johansson wrote:
> > > On Wednesday 06 March 2002 04.50, Piet Roorda wrote:
> > > > thanks for the explanation, can you expand a bit on how they're being able to retrieve workgroup and computername? should I consider this a woe or a blessing?
> > >
> > > How did you surf into their site? Could they be getting that info from the browser perhaps?
> > > //Anders
> >
> > My browser is mozilla 0.94
> > piet
>
> OK, I assume you're running either windows or samba, since otherwise "workgroup" means nothing. And if ports 137, 138 and 139 are blocked in the firewall, the browser is the only thing that could possibly give them that information. I strongly doubt it gives any samba related info on a linux box, but I don't know what it does on windows.
> //Anders

yep Samba is running with Suse 7.3 (pro), I'll have to check whether one of these ports are in use by Samba
Maybe I should give it another try with Konqueror?
piet
On Wednesday 06 March 2002 05.48, Piet Roorda wrote:
> yep Samba is running with Suse 7.3 (pro), I'll have to check whether one of these ports are in use by Samba

More to the point, check that they are blocked in the firewall.

> Maybe I should give it another try with Konqueror?

Sure, why not. Or perhaps lynx. That's guaranteed not to give any samba related info :)
//Anders
Anders Johansson wrote:
> On Wednesday 06 March 2002 05.48, Piet Roorda wrote:
> > yep Samba is running with Suse 7.3 (pro), I'll have to check whether one of these ports are in use by Samba
>
> More to the point, check that they are blocked in the firewall.
>
> > Maybe I should give it another try with Konqueror?
>
> Sure, why not. Or perhaps lynx. That's guaranteed not to give any samba related info :)
> //Anders

... even with lynx
participants (4)
- Anders Johansson
- jaakko tamminen
- Piet Roorda
- zentara