Re: [SLUG] i put up my shields

From: bill (billt@ifelse.org)
Date: Mon May 14 2001 - 09:42:43 EDT


On Mon, 14 May 2001, patrick wrote:

> >
> > > i installed my Mandrake firewall. i checked at the
> > > place somebody sent us to and the only open
> > > port is smtp. shields up :)
>
> On Monday 14 May 2001 12:14 am, you wrote:
> > I prefer the Linksys router/firewall. Simple to use and does not respond
> > to port probes, but rather drops the unwanted/unauthorized packets. Many
> > software firewalls will "refuse" connections. I find more comfort in the
> > firewall ignoring the probes rather than a refusal. Never let your
> > opponent know you're there. Showing your firepower can reveal
> > vulnerabilities
>
> actually my mandrake shields were not showing themselves.
> the probe place said they were stealthed. when a probe
> was sent nothing came back. no response. my shields
> refused nothing.

ah-ha, but the catch is that since smtp was allowed, then the cracker knows
that a machine is there... and that it is highly protected. hmm.. might
contain valuable informations... death star plans... McDonald's secret
french fry formula... etc... :) and if this is a home firewall - is there
an MX record that points to your machine (for smtp)? you don't need smtp
to be open on the outside if you aren't running a mail server that the
outside needs to contact :)

if this is a home firewall, it might be an idea (if you are already listening
on the outside) to refuse tcp connection attempts with --reject-with
tcp-reset, which sends a RST packet back - the same packet you get if
nothing is listening at all. the refuse-with-nothing method, IMHO, is ok
for hosts that don't listen on the outside... or only listen on the
inside, but if you have one port open (and a popular one like smtp at that
- which is scanned for in a standard nmap scan), then you are highly
visible already and refuse-with-nothing on the other ports is just proof
of a firewall which might be hiding something more interesting.

just a thought...
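
A self-check in the spirit of the "probe place" mentioned in the thread, as an added example that is not part of the original post: it classifies how ports on a host you administer answer a TCP connect, then reports whether the mix of answers gives away a filter. The function names, the sample port tables and the ports in the live check are constructed for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP port of a host you administer, as a connect probe sees it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: nothing listening, or REJECT with tcp-reset
    except socket.timeout:
        return "filtered"    # silence: the packet was dropped
    except OSError:
        return "filtered"    # no TCP answer (e.g. host unreachable): count as filtered
    finally:
        s.close()

def assess(states):
    """states maps port -> 'open' | 'closed' | 'filtered'; describe the outside view."""
    seen = set(states.values())
    if not seen:
        raise ValueError("no ports probed")
    if seen == {"filtered"}:
        return "stealthed: nothing answers, no evidence of a host"
    if "open" in seen and "filtered" in seen:
        return "host visible and firewall visible: open port next to silent ports"
    if "open" in seen:
        return "host visible, no filter evident: other ports answer RST like closed ones"
    return "host visible: RSTs answer even though nothing is open"

# Constructed sample results (not measurements from the thread):
DROP_POLICY = {25: "open", 22: "filtered", 80: "filtered", 110: "filtered"}
RESET_POLICY = {25: "open", 22: "closed", 80: "closed", 110: "closed"}

if __name__ == "__main__":
    print("drop :", assess(DROP_POLICY))
    print("reset:", assess(RESET_POLICY))
    # Live check against your own machine (ports chosen here as an assumption):
    live = {p: probe("127.0.0.1", p, timeout=1.0) for p in (22, 25, 80)}
    print("live :", live, "->", assess(live))
```
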



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:02:18 EDT