Re: Help: Configuring Router IPTables to stealth all ports ...

I was playing around with my rules, and apparently, I DO NOT get stealth in scans even by leaving these rules:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

as the only rules in the text.
How is this possible? Also, with enough testing, I was only able to get stealth by testing immediately after refreshing my rules and hitting test again.
Can anyone give a little help as to why this is happening? Or is this something wrong with my router, and I shouldn't worry about it since the firewall text is correct?
EDIT: I realize maybe it's a flaw in the router. The Westell 7500 is Verizon's newest model, and might it have flaws in its design? Can anyone confirm it?
EDIT 2: Also, the FTP port is the only port that seems erratic. After refreshing the rules and hitting test 2 times, the port is stealthed. Afterwards, the port reports closed.
EDIT 3: I tried the scan with just the Windows Firewall on (which is supposed to stealth ports), and the GRC test reported that it responded to pings and the FTP port is still closed. That means the firewall is on, but is it just something wrong with the FTP port?

Reply:

If you can get to a command window, when your test is reporting FTP closed, run:
iptables --list
That will return a list of the actual rules that are running on your firewall. I am not familiar with your hardware, but I suspect that it uses FTP to download updates. It might automatically add a rule to your firewall to allow FTP. A closed port cannot be attacked; you should really only be concerned with an open port. I monitor attempted connections on the outside of my firewall. I almost never see attempts to port 23, which would indicate bot attacks on the FTP service.
Does your firewall have a setting that allows remote updates?
Also try running netstat -a. That should tell you if you are actually running an FTP server on your firewall.
I hope that is just a test ruleset; it should not allow any traffic to be forwarded through your firewall (from/to your desktop machines).
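The following is an added example, written for this page and not posted by either participant. It shows how to read the `iptables -L -n -v` listing the reply asks for and work out, rule by rule, what an outside SYN scan would report for a given port: with a DROP policy the probe gets no reply at all ("stealth" in GRC's terms), a REJECT rule sends back an RST or ICMP unreachable ("closed"), and an ACCEPT rule only shows "open" if something is actually listening on that port, otherwise the kernel itself answers with an RST and the scanner still says "closed". That is exactly the pattern in the thread: an ACCEPT for tcp/21 quietly re-added above a DROP policy turns a stealthed FTP port into a closed one. The chain output, the outside interface name `ppp0`, and the set of listening ports are all constructed for the example; replace them with the real output of `iptables -L INPUT -n -v` and `netstat -a` on the router.

```python
import re

# Constructed sample of `iptables -L INPUT -n -v` on a router whose firmware has
# re-added an FTP (tcp/21) ACCEPT and a telnet (tcp/23) REJECT above a DROP policy.
# Made up for this example; it is not output from the Westell 7500.
SAMPLE_INPUT_CHAIN = """\
Chain INPUT (policy DROP 57 packets, 3420 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   10   800 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    2   120 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23 reject-with tcp-reset
"""

WAN_IF = "ppp0"  # assumed name of the router's outside interface


def parse_chain(text):
    """Return (policy, rules) for one chain of `iptables -L -n -v` output.

    With -v the columns are: pkts bytes target prot opt in out source destination [extras].
    """
    lines = text.strip().splitlines()
    m = re.match(r"Chain \S+ \(policy (\w+)", lines[0])
    policy = m.group(1) if m else "ACCEPT"
    rules = []
    for line in lines[2:]:  # skip the chain header and the column header
        f = line.split()
        if len(f) < 9:
            continue
        extras = " ".join(f[9:])
        dpt = re.search(r"dpt:(\d+)", extras)
        rules.append({
            "target": f[2],
            "proto": f[3],
            "in": f[5],
            "dport": int(dpt.group(1)) if dpt else None,
            "extras": extras,
        })
    return policy, rules


def verdict_for_probe(port, policy, rules, listening, proto="tcp", iface=WAN_IF):
    """What a SYN probe arriving on `iface` for `port` gets back: first matching rule wins."""
    for r in rules:
        if r["in"] not in ("*", iface):          # rule bound to another interface (e.g. lo)
            continue
        if r["proto"] not in ("all", proto):
            continue
        if r["dport"] is not None and r["dport"] != port:
            continue
        # A conntrack state match that lacks NEW never matches the first SYN of a scan.
        if "state" in r["extras"] and "NEW" not in r["extras"]:
            continue
        target = r["target"]
        break
    else:
        target = policy                          # nothing matched: chain policy applies
    if target == "DROP":
        return "stealth"                         # packet silently discarded, no reply
    if target == "REJECT":
        return "closed"                          # RST (tcp-reset) or ICMP unreachable sent back
    if target == "ACCEPT":
        # Accepted but unserved ports are answered with an RST by the kernel itself.
        return "open" if port in listening else "closed"
    return "unknown:" + target


def scan_report(chain_text, ports, listening, iface=WAN_IF):
    """Map each probed port to the result an external scanner would show."""
    policy, rules = parse_chain(chain_text)
    return {p: verdict_for_probe(p, policy, rules, listening, iface=iface) for p in ports}


if __name__ == "__main__":
    # Constructed `netstat -a` result: only an FTP daemon is listening on the router.
    listening_ports = {21}
    for port, result in scan_report(SAMPLE_INPUT_CHAIN, [21, 22, 23, 80], listening_ports).items():
        print(f"tcp/{port}: {result}")
```

In the sample, tcp/21 comes back "open" (ACCEPT plus a listener), tcp/22 "closed" (ACCEPT but nothing listening, so the kernel RSTs it), tcp/23 "closed" (explicit REJECT), and tcp/80 "stealth" (falls through to the DROP policy). If the real listing shows an ACCEPT for dpt:21 that you never wrote, the firmware is adding it, which matches the erratic FTP result described above. The check only covers TCP on the INPUT chain; the ping response GRC reported would need the same walk for ICMP echo-request.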