Mailinglist Archive: opensuse (3644 mails)

Re: [SLE] firewall test... reason for worries?
  • From: Piet Roorda <prooroa@xxxxxxxxxx>
  • Date: Wed, 06 Mar 2002 04:50:09 +0100
  • Message-id: <3C8591F1.1000704@xxxxxxxxxx>
zentara wrote:

On Tue, 05 Mar 2002 22:55:05 +0100
Piet Roorda <prooroa@xxxxxxxxxx> wrote:

I have installed suse firewall 1&2 (suse 7.3) with masquerading other computer was shut off, and did a firewall test at www.grc.com
my user name (they think), computername & workgroupname traceable
the port testing result:
port 113 ident: closed
port 5000 Upnp: closed


You are closed up, so no problems. It's just that those ports
are having their packets "returned" instead of "dropped" into oblivion.
The only way the scanner can tell you are "closed on a port" is if the
firewall returns the packet. If the firewall drops the packet, the scanner
doesn't know if you are online or not, it just waits forever for a response.

If you read the /sbin/SuSEFirewall2 script, it explains that port 113
is used as identification for some email servers and instead of "dropping"
the packets, it's preferable to "return" them, so they at least know
your ip address is online. You can comment those lines out if you
wish, and your port 113 will be "stealth"....not responding. Most dialup
users can do this.

For port 5000, edit the /etc/rc.config.d/firewall2.rc.config file.
Set the following:
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain time ntp"

Then go back and run the test at grc.com

thanks for the explanation, can you expand a bit on how they're being able to
retrieve workgroup and computername? should I consider this a woe or a blessing?

piet


