Hello, is it possible to configure the SuSEfirewall to "reject" packages insted of "denying" them? Sincerally Tobia
On Thu, 14 Dec 2000 20:29:19 +0100, you wrote:
Hello, is it possible to configure the SuSEfirewall to "reject" packages insted of "denying" them?
Hello. This issue was discussed some time ago. I started the thread named "Closing Identd service with Ipchains". Read it. The summary is that SuSEfirewall uses ipchains, and ipchains cannot "reject" packages for itself, but only "deny" them. Solutions: use fw which ships with kernel 2.4 or try a patch like the one described in the aboved mentionen thread. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
named "Closing Identd service with Ipchains". Read it. The summary is that SuSEfirewall uses ipchains, and ipchains cannot "reject" packages for itself, but only "deny" them. Solutions: use fw which ships with kernel
But "man ipchains" also names REJECT, not only ACCEPT, DENY, and so on. mfg ar -- mailto:andreas@rittershofer.de http://www.rittershofer.de PGP-Public-Key http://www.rittershofer.de/ari.htm
On Fri, 15 Dec 2000 12:54:40 +0100, you wrote:
named "Closing Identd service with Ipchains". Read it. The summary is that SuSEfirewall uses ipchains, and ipchains cannot "reject" packages for itself, but only "deny" them. Solutions: use fw which ships with kernel
But "man ipchains" also names REJECT, not only ACCEPT, DENY, and so on.
Sorry, sorry, sorry. Ipchains do support "reject", i.e., deny the packets and send icmp responses indicating it. I was confused with another "target" that is missing in ipchains: the one that would send a RST packet (indicating the port is CLOSED) (as opposing to FILTERED)... Read the former thread anyway. It could be useful. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hello, RoMaN. Friday, December 15, 2000, 15:48:14, you wrote to me:
But "man ipchains" also names REJECT, not only ACCEPT, DENY, and so on.
RSL> Sorry, sorry, sorry. Ipchains do support "reject", i.e., deny the RSL> packets and send icmp responses indicating it. RSL> I was confused with another "target" that is missing in ipchains: the RSL> one that would send a RST packet (indicating the port is CLOSED) (as RSL> opposing to FILTERED)... Read the former thread anyway. It could be RSL> useful. some time ago here was discussion about return-rst tool. you can use it to send RST packet. Friday, December 15, 2000 -- vladimir m. bondarev, icq uin: 62393277 paradox team web: http://scene.org.ru
On Fri, 15 Dec 2000 21:58:06 +0300, you wrote:
some time ago here was discussion about return-rst tool. you can use it to send RST packet.
Yep, I knew that: I started the thread (at least the last one about RST) ;-) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
edit /sbin/SuSEfirewall and change all the deny rules to reject. On Thu, 14 Dec 2000, Tobias Schulze wrote:
Hello, is it possible to configure the SuSEfirewall to "reject" packages insted of "denying" them?
Sincerally Tobia
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
current trojanerlist and ports : +,21,Doly Trojan 1.1,,, +,25,Antigen,,, +,31,Master Paradise,,, +,80,Executor,,, +,99,Hidden Port 2.0,,, +,121,BO jammerkillahV,,, +,456,HackersParadise,,, +,555,Phase Zero,,, +,666,Attack FTP,,, +,777,Aimspy,,, +,1000,Der Spaeher 3,,, +,1001,Silencer,,, +,1001,Silencer,,, +,1001,WebEx,,, +,1010,Doly Trojan 1.30,,, +,1011,Doly Trojan 1.1+1.2,,, +,1012,Doly Trojan X.x,,, +,1015,Doly Trojan 1.5,,, +,1016,Doly Trojan 1.6,,, +,1033,Netspy,,, +,1042,Bla1.1,,, +,1080,Wingate Socks Proxy,,, +,1170,Streaming Audio Trojan,,, +,1207,SoftWar,,, +,1234,Ultors Trojan,,, +,1243,SubSeven,,, +,1245,Vodoo,,, +,1269,Maverick's Matrix,,, +,1349,Back Orifice DLL,,, +,1492,FTP99CMP,,, +,1509,PsyberStreamingServer,,, +,1600,Shiva Burka,,, +,1807,SpySender,,, +,1981,ShockRave,,, +,1999,Backdoor,,, +,1999,Transcout 1.1 + 1.2,,, +,2000,Transscout,,, +,2001,DerSpaeher 3,,, +,2001,TrojanCow,,, +,2023,Pass Ripper,,, +,2115,Bugs,,, +,2140,The Invasor,,, +,2283,HVL Rat5,,, +,2565,Striker,,, +,2583,Wincrash2,,, +,2801,Phineas,,, +,3024,WinCrash,,, +,3129,Masters Paradise,,, +,3150,Deep Throat The Invasor,,, +,3700,Portal of Doom,,, +,3791,Total Eclypse (FTP),,, +,4092,WinCrash,,, +,4321,Schoolbus 1.0,,, +,4567,FileNail Danny,,, +,4590,IcqTrojan,,, +,4950,IcqTrojan,,, +,4950,IcqTrojen,,, +,5000,Socket23,,, +,5001,Sockets de Troie,,, +,5011,OOTLT,,, +,5031,NetMetro1.0,,, +,5032,NetMetropolitan 1.04,,, +,5321,Firehotcker,,, +,5400,BladeRunner,,, +,5400,BackConstruction1.2,,, +,5401,Blade Runner,,, +,5402,Blade Runner,,, +,5521,IllusionMailer,,, +,5550,XTCP 2.0 + 2.01,,, +,5569,RoboHack,,, +,5714,WinCrash,,, +,5741,WinCrash,,, +,5742,Wincrash,,, +,6000,The tHing 1.6,,, +,6400,The tHing,,, +,6669,Vampire 1.0,,, +,6670,Deep Throat,,, +,6671,DeepThroat 2.0 & 3.0,,, +,6711,SubSeven,,, +,6712,SubSeven,,, +,6713,SubSeven,,, +,6771,DeepThroat 2.0 & 3.0,,, +,6776,SubSeven,,, +,6883,DeltaSource,,, +,6912,Shitheep,,, +,6939,Indoctrination,,, +,6969,Gatecrasher,,, +,6970,Gatecrasher,,, +,7000,Remote Grab,,, +,7300,NetMonitor,,, +,7301,NetMonitor,,, +,7306,NetMonitor,,, +,7307,NetMonitor,,, +,7308,NetMonitor,,, +,7789,iCkiller,,, +,8787,Back Orifice 2000,,, +,8879,Hack Office Armageddon,,, +,9400,InCommand 1.0,,, +,9872,PortalOfDoom,,, +,9873,Portal of Doom,,, +,9874,Portal of Doom,,, +,9875,Portal of Doom,,, +,9989,iNi-Killer,,, +,9989,InIkiller,,, +,10067,Portal of Doom,,, +,10167,Portal of Doom,,, +,10607,Coma Danny,,, +,10666,Ambush,,, +,11000,SennaSpyTrojans,,, +,11223,ProgenicTrojan,,, +,12076,Gjamer,,, +,12223,Hack´99 KeyLogger,,, +,12345,GabanBus NetBus,,, +,12346,NetBus 1.x (avoiding Netbuster),,, +,12361,Whack-a-mole,,, +,12362,Whack-a-mole,,, +,12701,Eclipse 2000,,, +,13700,Kuang2 The Virus,,, +,16969,Priotrity,,, +,20000,Millenium,,, +,20001,Millennium,,, +,20034,NetBus Pro,,, +,20203,Logged!,,, +,20203,Chupacabra,,, +,20331,Bla,,, +,21544,GirlFriend,,, +,21554,GirlFriend,,, +,22222,Prosiak 0.47,,, +,23456,EvilFtp,,, +,26274,Delta,,, +,27374,SubSeven 2.1,,, +,29891,The Unexplained,,, +,30029,AOLTrojan1.1,,, +,30100,NetSphere,,, +,30101,NetSphere,,, +,30102,NetSphere,,, +,30133,Netsphere Final,,, +,30303,Socket25,,, +,30999,Kuang,,, +,31337,Back Orifice,,, +,31338,Back Orifice-DeepBO,,, +,31339,NetSpy DK,,, +,31666,BOWhack,,, +,31785,Hack'a'tack,,, +,31787,Hack'a'tack,,, +,32418,Acid Battery 1.0,,, +,33333,Prosiak,,, +,33911,Trojan Spirit 2001,,, +,34324,Tiny Telnet Server,,, +,34324,BigGluck TN,,, +,40412,TheSpy,,, +,40421,Masters Paradise,,, +,40422,Masters Paradise,,, +,40423,Master Paradise,,, +,40426,Masters Paradise,,, +,43210,Schoolbus 1.6 & 2.0,,, +,47262,Delta,,, +,49301,Online Keylogger,,, +,50505,Sockets de Troie,,, +,50766,Fore,,, +,53001,RemoteWindowsShutdown,,, +,54320,Back Orifice 2000 (default port),,, +,54321,Schoolbus 1.6+2.0,,, +,60000,DeepThroat 2.0 & 3.0,,, +,61466,Telecommando,,, +,65000,Devil 1.03,,,
participants (6)
-
Andreas Rittershofer -
RENE -
RoMaN SoFt / LLFB!! -
semat -
Tobias Schulze -
vladimir m. bondarev