[techtalk] Re: ipchains
Excerpts from linuxchix: 18-Mar-100 Re: ipchains by [EMAIL PROTECTED]
> However, it will only tell you the ports, some information about the
> sequence numbers and guess the OS if you tell it to. It won't actually
> print out any vulnerabilities or try to break through the firewall.

I've found it interesting to experiment with nmap's different scan types and figure out what my logs/filters pick up. (it's even got a decent manpage!)

There's also another scanner which tries to get versions of the running network daemons, and compares it against its vulnerability database. I'll see if I can dig up a name or URL...

There's a series of articles about security at kuro5hin.org, might be worth a look. Covers a lot of topics, including firewalls.
[subb3@attglobal.net: kernel log]
I have the following entry in my syslog to trap the kern messages:

    kern.*    /var/log/kernel-log

Each time my system dials to my ISP, it creates a log file on /.

    home/                     kernel-log.10.36.6.186  kernel-log.10.37.51.48
    kernel-log.10.34.209.13   kernel-log.10.36.6.24   kernel-log.10.37.51.60
    kernel-log.10.34.209.158  kernel-log.10.36.6.241  kernel-log.10.37.51.74
    kernel-log.10.34.209.18   kernel-log.10.36.6.25   lib/

These files are logging the ipchains activity. This is in addition to the main log file, which is /var/log/kernel-log.

Why are these files getting created? I did not find any config file in /etc that indicates that ipchains will log for each separate dial instance, to the / directory. What is causing this redundant message logging?

Thank you in advance for any info.

Subba Rao
[EMAIL PROTECTED]
http://pws.prserv.net/truemax/

=> Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com
Moderator stuff
Would whomever is subscribed as an egroups.com mailing list please, PLEASE make the egroups.com list unmoderated?

It's very bad form (and VERY confusing) for everyone who mails linuxchix.org to get a 'your message is awaiting moderation' message from an egroups.com address.

Thank you.

Jenn V.
--
Humans are the only species to feed and house entirely separate species for no reason other than the pleasure of their company. Why?
[EMAIL PROTECTED] Jenn Vesperman http://www.simegen.com/~jenn/
Re: ipchains
Hey Shelly,

<---Reply below>

> my question is - what is the best way to test that the firewall is secure? i
> configured mine using ipchains (also doing masquerading for my internal lan,
> which is set up as a 192.168.x.x network - my external interface is an isdn
> connection at work). i had been reading about the prog SAINT, but it seems
> that must be run from another linux box, as a remote admin sort of tool. the
> linux firewall box is the only linux box on the network at my job - all others
> are NT servers and win98 workstations. i also tried the port scanner at
> www.hackerwhacker.com, but that only scans 11 ports (5 of which it says i have
> open, though it won't elaborate without $$$). any other programs anyone could
> recommend for firewall testing?

I like using simple programs like nmap (www.insecure.org) for port scans, tcpdump will allow you to capture and see what is going on. As far as programs like Nessus and Saint, they are more for dealing with "services" that might have holes in them. Sendmail, though I love it, is a great example of one of these types.

>
> also... with an ipchains packet filter in place, how important is it that
> certain ports are left open? i've turned off everything i don't need from
> inetd.conf, and removed unnecessary services from my rc3.d. what other methods
> are there to close ports - must i put ipchains rules in regarding specific
> ports? (my firewall script is currently very general, referring only to the
> ability of external traffic to traverse past eth0 onto my local lan - no ports
> specified).

You should always shut down ports you're not using. Remember, not all come from inetd. An easy way to see who has ports open is "%netstat -vat" which will show things as they are happening. Some might disagree here but I think a default of "deny" in ipchains is a must. Block all internal transmissions by making them use localhost. That way traffic going out across the wire is more easily tracked.

>
> all in all it's been a learning experience! i didn't use any of the firewall
> rule tools, just hand coded everything with the help of many web sites and
> howto's. any highly recommended firewall rule creation tools out there?

Mason's what I learned on. Took my router down off the net for 3 days and watched it build traffic piece by piece until I figured out what was going on. Unfortunately that is all changing come 2.4 kernel. Should be interesting.

Harry
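
The reply above notes that not every open port comes from inetd and suggests netstat -vat for finding them. The script below is an added example, not part of the original thread: it lists the LISTEN sockets in netstat output that no active tcp entry in inetd.conf accounts for. The function names and both sample inputs are constructed, and it assumes netstat printed service names (no -n), so they match the first column of inetd.conf.

```shell
#!/bin/sh
# Added example: list listening TCP ports that inetd.conf does not explain.
# Both samples below are constructed for illustration.

sample_inetd_conf() {   # constructed /etc/inetd.conf excerpt
cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

sample_netstat() {      # constructed netstat -vat style output, plus one udp line
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address           State
tcp        0      0 *:ftp              *:*                       LISTEN
tcp        0      0 *:smtp             *:*                       LISTEN
tcp        0      0 *:sunrpc           *:*                       LISTEN
tcp        0      0 *:6000             *:*                       LISTEN
tcp        0      0 192.168.1.1:1025   192.168.1.20:netbios-ssn  ESTABLISHED
udp        0      0 *:sunrpc           *:*
EOF
}

# usage: non_inetd_listeners NETSTAT_FILE INETD_CONF
non_inetd_listeners() {
    awk '
        # First file (inetd.conf): remember uncommented tcp services.
        FILENAME == ARGV[1] {
            if ($0 !~ /^[ \t]*#/ && NF >= 6 && $3 ~ /^tcp/) inetd[$1] = 1
            next
        }
        # Second file (netstat): TCP sockets in LISTEN state only.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")      # local address is host:port
            port = part[n]
            if (!(port in inetd) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' "$2" "$1"
}

tmp=$(mktemp -d)
sample_inetd_conf > "$tmp/inetd.conf"
sample_netstat    > "$tmp/netstat.txt"
non_inetd_listeners "$tmp/netstat.txt" "$tmp/inetd.conf"   # smtp, sunrpc, 6000
rm -rf "$tmp"
```

Each name it prints is a daemon started outside inetd (an init script, for instance), so it has to be stopped there or covered by an explicit ipchains rule.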
Re: [techtalk] Re: ipchains
On Sun, Mar 19, 2000 at 04:42:46AM -0500, Laurel Fan wrote:
> Excerpts from linuxchix: 18-Mar-100 Re: ipchains by [EMAIL PROTECTED]
> > However, it will only tell you the ports, some information about the
> > sequence numbers and guess the OS if you tell it to. It won't actually
> > print out any vulnerabilities or try to break through the firewall.
>
> I've found it interesting to experiment with nmap's different scan
> types and figure out what my logs/filters pick up. (it's even got a
> decent manpage!)

It does do that. You can also scan UDP ports, so if you are worried about BO, UDP scan your win98 boxen on port 31337 (default BO port, however, it can be changed).

>
> There's also another scanner which tries to get versions of the
> running network daemons, and compares it against its vulnerability
> database. I'll see if I can dig up a name or URL...

I believe you are thinking of Nessus at http://www.nessus.org

It looks promising, but I couldn't get it to compile properly on my box (I also didn't try very hard... ;)

I forgot to do this properly in my last posting, if you are interested in computer security -- even if it is just keeping your box locked down -- bugtraq is a great mailing list. It is a moderated list for announcing and discussing security holes, most of the major linux distros post security warnings to it, and many other independent people post their findings (it is kind of fun to watch as hole after hole in NT/9x/IE5 gets posted...). Anyway, you can find more info on bugtraq at http://www.securityfocus.com, it is in the forum section (there's a link in the navigation bar).

--
Jeff

-BEGIN GEEK CODE BLOCK-
Version: 3.12
GCS/M/>P d-(pu) s+:- a17>? C++() L+++ UL@>$ P+ E--- W++@ N+ o? K++ w--- O? M V- PS+ PE(--)@ Y+@ PGP++ t+ 5 X++@ R++@ !tv@ b++ DI D- G e- h! r% y?
--END GEEK CODE BLOCK--

My Public Key -- http://24.5.73.229/pubkey.txt
Re: ipchains
hackerwhacker will give you a detailed scan without forking over cash. You just have to do the basic scan, first.

-Ian
--
wow, this is kinda nifty. the win98 protocol stack is like a chinese finger puzzle, twist and turn in the right places, and it pops right off
--Seen on EFNet IRC
Re: Moderator stuff
[EMAIL PROTECTED] wrote:
> Would whomever is subscribed as an egroups.com mailing list please, PLEASE
> make the egroups.com list unmoderated?
> It's very bad form (and VERY confusing) for everyone who mails
> linuxchix.org to get a 'your message is awaiting moderation' message
> from an egroups.com address.

This is also happening on another egroup I am subscribed to. VERY infuriating.
Maybe this will go away with the new setup Deb is sorting out.

> Thank you.
> Jenn V.
> --
> Humans are the only species to feed and house entirely separate species
> for no reason other than the pleasure of their company. Why?
> [EMAIL PROTECTED] Jenn Vesperman http://www.simegen.com/~jenn/

--
Steve - Cheltenham, UK - In love and light we are In darkness we are no less
[techtalk] Re: Moderator stuff
On Sun, 19 Mar 2000, Steve Howes wrote:
>
> [EMAIL PROTECTED] wrote:
> Would whomever is subscribed as an egroups.com mailing list please, PLEASE
> make the egroups.com list unmoderated?
> It's very bad form (and VERY confusing) for everyone who mails
> linuxchix.org to get a 'your message is awaiting moderation' message
> from an egroups.com address.
> This is also happening on another egroup I am subscribed to. VERY
> infuriating.
> Maybe this will go away with the new setup Deb is sorting out.
>
> Thank you.
> Jenn V.
> --
> Humans are the only species to feed and house entirely separate species
> for no reason other than the pleasure of their company. Why?
> [EMAIL PROTECTED] Jenn Vesperman
> href="http://www.simegen.com/~jenn/">http://www.simegen.com/~jenn/
>
> --
> Steve - Cheltenham, UK

Speaking of bad form - html on a mailing list (esp. a linux mailing list)? Very bad form - no bonus points for you.

Cheers,
GC
--
Gregory Conron
[EMAIL PROTECTED] - email
(902) 443-4562 - voicemail
___
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
Re: [techtalk] Re: Moderator stuff
Excerpts from linuxchix: 19-Mar-100 [techtalk] Re: Moderator stuff Gregory [EMAIL PROTECTED] (1504*) by [entire quoted message snipped]
> Speaking of bad form - html on a mailing list (esp. a linux
> mailing list)? Very bad form - no bonus points for you.

Speaking of speaking of bad form, we didn't need to see that twice.

Oh, just to head off any "speaking of speaking of speaking of bad form" replies, lf25-- for meta-flaming, off-topicness, bad speling, and grammar, and missing something to -- myself for.