Interesting changes

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17


#1 Post by Smithy »

Just checked grc, same puppy and exactly same setup for a long time.
Now these ports are changed from stealth to closed. Previously all stealth.
Quite a neat array of blue.
Attachments: Failed text.jpg, closed not stealthed.jpg

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#2 Post by nooby »

Ooops so what does that mean?
I use Google Search on Puppy Forum
not an ideal solution though

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

Smithy forgot to mention that those are the results of a Shields UP test.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#4 Post by greengeek »

What browser are you using? My Seamonkey just suddenly went into a "lift my skirts up and have no security" mode. Been tight for a couple of years then suddenly reset itself to being "wide open".

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#5 Post by Smithy »

Yes Flash, forgot to mention that.

Well Nooby, when "business" comes knocking on the doors, it receives a message (when blue) that "we are closed"; when green, it is like the door is covered in ivy like in a secret garden.

Greengeek, using firefox, funny that your seamonkey has gone native, mine's got the kilt on but no undies! How did you fix it?

Pinging prevention code is fine.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#6 Post by greengeek »

Smithy wrote: mine's got the kilt on but no undies!

<chuckle> That's funny. Great mental image. :-)

I had to go through all the preferences settings and return things to the way I previously had them (no passwords, no updating etc etc). Also noted one of the fonts had changed size, so maybe I just got a corrupted config file somehow...

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#7 Post by Smithy »

Ha.
Just remembering, it was Puppy 431 that I ran through Shields UP.
It gave a true stealth rating.
The firewall state tray is now not coming up in thin slacko after a save.
Could do with stealthing these ports....

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#8 Post by nooby »

Will be interesting to follow this thread.

Does not GRC warn that one needs to set the Router so it
allows GRC to test the OS and not the Router?

But I know nothing.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#9 Post by Smithy »

What Puppy you running Nooby?
Go here and try probe all ports, see what you get.
https://www.grc.com/x/ne.dll?bh0bkyd2

Adagio

#10 Post by Adagio »

Your Connection to Our Web
Server is Probably 'Proxied'

What's a 'Proxy' ?

A 'Proxy' is an intermediate computer that 'intercepts' a request made for an Internet resource, then reissues that request on behalf of the intercepted computer.

For example — as happened here just now — your computer's web browser requested a resource (this page) from the grc.com web site. But your browser's request was intercepted by a 'transparent' intermediate proxying computer — probably belonging to your Internet service provider. That proxying computer, in turn, forwarded the request to grc.com's web server.

Our security testing technology detected that this was happening and responded to the proxy with this special 'intercept' page so that the proxy would, in turn, return it to your web browser.

Because none of this is usually very important for normal web surfing, such proxies are termed 'transparent'. But the problem is that they are not transparent enough to allow reliable security testing. Since we were connected to the proxy, rather than to your computer, we are unable to accurately analyze the security of your computer's connection to the Internet. (We could tell you all about the proxy's security, but that's a subject for another page.)

Internet service providers often use proxies to improve the subjective performance of their network for their customers. By locally storing copies of often-requested web resources (like all the various bits and pieces of Amazon's web site) web pages assemble much more quickly. Most people are never aware of their existence.

The ShieldsUP! system incorporates technology designed to circumvent many common web browser proxies so that most of our visitors never encounter this special interception page. This built-in circumvention technology is one of several reasons why ShieldsUP!'s tests are often more accurate than other web-based online security tests.

However, in this case, it appears that our automatic proxy circumvention system has failed to determine your machine's true IP address, so the results of further tests would not be trustworthy.

The worrisome header contained in your request is:

Via: 95.93.12.15

The presence of this header is indicative of an intermediate proxy, as discussed above. We are unable to bypass this proxy, since even your browser's secure SSL connections are being intercepted. If you are able to disable your browser's use of this proxy we'll be able to check your system, but until then we are unable to proceed.

*****************
I'm happy with this. 8)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#11 Post by nooby »

Smithy wrote: What Puppy you running Nooby?
Go here and try probe all ports, see what you get.
https://www.grc.com/x/ne.dll?bh0bkyd2

I am on slacko 5.4 using FF17 and the first 1056?
Says I am all stealth but that I should not allow ping.
So they recommend me to go into the router and change
it so it does not allow ping. I have forgotten the username
and password again. I never remember these. Use them
too seldom to remember.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#12 Post by Smithy »

Ok.
Well there is some code if you wanted to block pinging.
Code:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To make it permanent, add the line to /etc/rc.d/rc.local

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#13 Post by nooby »

Thanks but I know now why I have not set it up before.
My ISP will cut the line to my home if I don't allow them
to ping me each 20 minutes.

I had that problem some years ago. I lost connection all the time
because they did not see me when they pinged me.

Sad that they set it up that way. But it is nothing I can change;
they treat all of us that way and they are one of the bigger actors
in several countries too.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#14 Post by Smithy »

Best not to mess with it then Nooby!

Reading a bit more, Kaspersky and other businesses don't see any point in stealthing, plus the ol' Linux guys think it is "bad manners" to do it and partly why the internet is getting bunged up!

I guess BK made it so that when it needs to open up it will and close when it doesn't need to.
@Adagio, that's cool as long as you trust your proxy.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#15 Post by rcrsn51 »

Stealthing is a feature provided by some firewall products. I'm surprised that the Linux firewall in Puppy appears to do it.

Smithy: Is your Puppy machine behind a router? Does it have a local IP address like 192.168.x.y?

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#16 Post by Smithy »

rcrsn51 wrote: Stealthing is a feature provided by some firewall products. I'm surprised that the Linux firewall in Puppy appears to do it.

Smithy: Is your Puppy machine behind a router? Does it have a local IP address like 192.168.x.y?

No rcrsn51, this one isn't, it is a mobile and has dynamic addresses.

SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#17 Post by SFR »

Hey Smithy et al.

I've been having exactly the same issue for some time...
Previously all ports were stealth, but for many months I've been getting very similar results to those in your screenshot in the first post.
Perhaps it's related to the fact that my modem was replaced with a router, more or less at that time (but my IP remained within "normal" range (dynamic); also, the router is locked by my ISP and I have no access to its settings)..?

Anyway, today I found this:
http://www.linuxquestions.org/questions ... post352329
I did apply those rules and all ports are stealth back again!

But, since my knowledge regarding networking/iptables is almost non-existent and that thread is quite old, it'd be reasonable to ask:
Are these rules still ok?
Do they have any major disadvantages in comparison to standard (automagic) rules?

BTW, I'm not running any server or sth, only basic network usage, so there's no need for extended features.

Greetings!
Attachments: Before.jpg, After.jpg
[O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource
Omnia mea mecum porto.

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#18 Post by Smithy »

Hi SFR, I put that code in and I can't even get on the interweb now.
Had to boot up again.
That's stealth!

SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#19 Post by SFR »

Hey Smithy

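Looks like these settings are hardcoded for eth0, so if you're on, e.g., wlan0, then the 4th line must be amended:
Code:
iptables -P INPUT DROP                  # default policy: silently drop inbound packets
iptables -F INPUT                       # clear the existing INPUT rules
iptables -N inbound                     # user-defined chain for the external interface
iptables -A INPUT -i wlan0 -j inbound   # 4th line: set this to your interface (eth0 in the original)
iptables -A INPUT -i lo -j ACCEPT       # always allow loopback traffic

iptables -A inbound -m state --state ESTABLISHED -j ACCEPT   # packets of connections already established
iptables -A inbound -m state --state RELATED -j ACCEPT       # traffic related to those connections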
(Or maybe it'd be enough to add new line with a second interface..? I still know too little about this stuff...)

BTW, when I tried those rules on my second laptop (on which I'm using WiFi only) for the first time, I 'stealthed' myself completely too, but simple reinitialization via 'Tray -> Firewall -> Automagic' did the job without need to reboot.

Greetings!

Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#20 Post by Smithy »

That's a powerful snippet of code SFR, I have not seen the stealth mode on for a long time, now it's back up, thanks for that.

If I wanted to open up a port or two, would you know how to do that easily?

I guess if I reran the Puppy firewall setup (either automagic or custom) it might lose the stealth settings that the snippet of code provides?
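
For the two questions left open in posts #19 and #20 (covering a second interface, and opening a port or two), here is an added example that is not part of any post: a generator that prints SFR's rule set for any list of interfaces plus a list of TCP ports to accept. The function names, interface names and port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands only; nothing
# is applied until the output is reviewed and run as root.

# Succeeds only for an integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a plain interface name; the name is pasted into a command
# line, so shell metacharacters are refused.
is_iface() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# gen_stealth_rules "<interfaces>" "<tcp ports to open>"
gen_stealth_rules() {
    ifaces=$1
    ports=$2
    [ -n "$ifaces" ] || { echo "no interface given" >&2; return 1; }
    # Validate everything before printing, so a bad value yields no partial set.
    for i in $ifaces; do
        is_iface "$i" || { echo "bad interface: $i" >&2; return 1; }
    done
    for p in $ports; do
        is_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"
    # A second run must not stop because the chain already exists.
    echo "iptables -N inbound 2>/dev/null || iptables -F inbound"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # One jump per interface: the 'second interface' case raised in post #19.
    for i in $ifaces; do
        echo "iptables -A INPUT -i $i -j inbound"
    done
    echo "iptables -A inbound -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Opened ports accept new connections; every other port is still dropped.
    for p in $ports; do
        echo "iptables -A inbound -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

# Constructed sample values: two interfaces, SSH and one web port.
gen_stealth_rules "eth0 wlan0" "22 8080"
```

A port opened this way will no longer be reported as stealth by a scan; leave the port list empty to keep every port dropped.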
