Koozali.org: home of the SME Server

Test your firewall!?

Mike Stoddart

Test your firewall!?
« on: July 25, 2000, 06:26:41 AM »
Has anyone tried this site?

http://www.grc.com

It scans the ports on your server, and reports what it finds. I ran the extra util from the site, which is supposed to report more reliably, and this is what it said:

"If our IP Agent brought you directly to this page, without offering you a choice of IP's, your machine has only this single private IP address and it is invulnerable to outside discovery, connection, and attack. "

How much faith should I put in this?

Thanks!

Orville Carter

RE: Test your firewall!?
« Reply #1 on: July 25, 2000, 09:21:59 PM »
Mike,
If you have E-smith as your gateway/firewall, like I do, and your Windows machines are
using one of the non-routable (private) IP addresses (192.168.xxx.xxx etc), then your Windows
machines are protected. Your e-smith machine gateway is the only system
that can be hacked - but not easily.

Anyone who is crazy enough to have a win95/98 machine on their cable or DSL
connection should be tarred and feathered. Hackers delight!

E-smith is not a perfect firewall (no firewall is perfect), but it does a great job.

b1tch-x

RE: Test your firewall!?
« Reply #2 on: July 29, 2000, 07:25:39 AM »
If you want some additional security, I love a small program called Portsentry. It is like a bunch of trip wires listening on configured ports, and if someone trips those ports (like in a port scan) it will put their IP into the /etc/hosts.deny file, and also if you want - drop them into either ipchains or ipfwadm, so all their packets sent to your IP can be forwarded to a fake (non-used) IP on your internal LAN subnet, causing your machine to become a black hole to the source IP. He will never even receive an ACK or RESET packet from you. You just disappear. BUT BE WARNED. If you put it on make sure you know how to take people out of the list, because it could ban an internal machine, a friend of yours, or even your gateway at your ISP (very rare but possible). Put that on your machine and try that web page, it has great results.
---------------------------------------------------------------------------------
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
---------------------------------------------------------------------------------

When they do a port scan it takes a moment for portsentry to react, at which point they've been able to see 3 open ports on my machine, but after that all packets are lost, and the web page reports all other ports are in stealth mode, and if it tried to access the open ports, it would be completely unable to, as all the packets would be destined for another machine, which doesn't exist.

Here is a link to the rpm version of it. Make sure to RTFM.

ftp://contrib.redhat.com/pub/contrib/libc6/SRPMS/portsentry-1.0-4.src.rpm

bx
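
The trip-wire-and-ban logic described in the post above, together with the never-block list its warning calls for, as an added Python example (not Portsentry's code and not part of the original thread). The port set, addresses and function names are all constructed for illustration.

```python
import ipaddress

# Assumed trip-wire ports: nothing legitimate listens on these (constructed).
TRIPWIRE_PORTS = {1, 111, 139, 12345}
# Assumed never-block list: loopback, internal LAN, ISP gateway (constructed).
IGNORE = [ipaddress.ip_network(n) for n in
          ("127.0.0.0/8", "192.168.1.0/24", "203.0.113.1/32")]

def is_ignored(ip):
    """True if the source address falls inside any never-block network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in IGNORE)

def decide_blocks(events):
    """events: iterable of (source_ip, dest_port).
    Returns (blocked, skipped): sources to ban, and sources that tripped a
    wire but were spared because they are on the never-block list."""
    blocked, skipped = [], []
    for src, port in events:
        if port not in TRIPWIRE_PORTS:
            continue                      # traffic to a real service
        target = skipped if is_ignored(src) else blocked
        if src not in target:
            target.append(src)
    return blocked, skipped

def hosts_deny_lines(blocked):
    """Render bans in TCP wrappers hosts.deny syntax."""
    return [f"ALL: {ip}" for ip in blocked]

def unblock(deny_lines, ip):
    """Remove one address from a list of hosts.deny lines."""
    return [l for l in deny_lines if l.partition(":")[2].strip() != ip]

# Constructed sample connection attempts: (source IP, destination port).
EVENTS = [
    ("198.51.100.7", 80),      # normal web request, no trip wire
    ("198.51.100.7", 139),     # trips a wire -> banned
    ("192.168.1.20", 139),     # internal Windows box -> spared
    ("203.0.113.1", 111),      # ISP gateway -> spared
    ("198.51.100.99", 25),     # mail delivery, no trip wire
    ("198.51.100.7", 12345),   # already banned, not duplicated
]

if __name__ == "__main__":
    blocked, skipped = decide_blocks(EVENTS)
    print("\n".join(hosts_deny_lines(blocked)))
    print("spared:", skipped)
```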