Puppy Linux Discussion Forum
Portspoof - Tool to provide Snooping/DOS defenses for PUPs
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

Posted: Wed 12 Mar 2014, 15:05

Hello again, people.

I found two ready-made archives that made nmap work out of the box on my
Raring Puppy.

nmap itself from Ubuntu 12.10 LTS
http://archive.ubuntu.com/ubuntu/pool/main/n/nmap/nmap_5.21-1.1ubuntu1_i386.deb

And the requested lua library from the Debian Squeeze archive
http://ftp.br.debian.org/debian/pool/main/l/lua5.1/liblua5.1-0_5.1.4-5_i386.deb
(this one intentionally for a lower glibc, the glibc version for ubuntu seemed a little high.)

YMMV...

This is getting better. What should we do next, Piotr?

BFN.

musher0
Attachment: nmap.jpg (Description: Proof! :))
_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
drk1wi

Joined: 12 Mar 2014
Posts: 5

Posted: Wed 12 Mar 2014, 15:24

@Flash

What does Shields Up! say after you've activated Portspoof?

I am not that familiar with this service, but from a networking point of view they can only scan your visible (public) IP, so unless you have a dedicated public IP they just scan your internet provider's gateway.
drk1wi

Joined: 12 Mar 2014
Posts: 5

Posted: Wed 12 Mar 2014, 15:28

musher0 wrote:
Hello again, people.

I found two ready-made archives that made nmap work out of the box on my
Raring Puppy.

nmap itself from Ubuntu 12.10 LTS
http://archive.ubuntu.com/ubuntu/pool/main/n/nmap/nmap_5.21-1.1ubuntu1_i386.deb

And the requested lua library from the Debian Squeeze archive
http://ftp.br.debian.org/debian/pool/main/l/lua5.1/liblua5.1-0_5.1.4-5_i386.deb
(this one intentionally for a lower glibc, the glibc version for ubuntu seemed a little high.)

YMMV...

This is getting better. What should we do next, Piotr?

BFN.

musher0




It seems like iptables isn't configured properly.
Can you paste it (iptables-save) and your ifconfig?

What you have to do is to configure your FW rules to redirect all of the "unwanted" traffic to the application (by default it's listening on port 4444).

Did you try this startup script?

https://github.com/drk1wi/portspoof/blob/master/system_files/init.d/portspoof.sh

Cheers,
Piotr
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

Posted: Wed 12 Mar 2014, 16:08

Hello, Piotr.

Many thanks for the feedback.

Downloaded your script. Results of my ifconfig are attached.
As to iptables -save, it just gives the help lines, same as iptables -h.

There's something I'm not getting, obviously.
Probably I have to change the lightbulb over my head? :lol:

Best regards.

musher0
Attachment: ifconfig-musher0.txt.zip

drk1wi

Joined: 12 Mar 2014
Posts: 5

Posted: Fri 14 Mar 2014, 18:09

musher0 wrote:
Hello, Piotr.

Many thanks for the feedback.

Downloaded your script. Results of my ifconfig are attached.
As to iptables -save, it just gives the help lines, same as iptables -h.

There's something I'm not getting, obviously.
Probably I have to change the lightbulb over my head? :lol:

Best regards.

musher0


Hey musher0.

Try 'iptables-save' :) Basically, if the software is listening on 4444 and you have a proper iptables configuration then everything should work. Though, iptables config can sometimes be a pain.

Piotr
musher0


Joined: 04 Jan 2009
Posts: 4230
Location: Gatineau (Qc), Canada

Posted: Fri 14 Mar 2014, 19:24

Hi, drk1wi.

I found a how-to at https://help.ubuntu.com/community/IptablesHowTo.
Would appreciate confirmation that it is a reliable source of information for this subject.

Do these rules look ok?

Quote:
# Generated by iptables-save v1.4.12 on Fri Mar 14 19:36:46 2014
*mangle
:PREROUTING ACCEPT [152633:80760501]
:INPUT ACCEPT [152633:80760501]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94663:7638659]
:POSTROUTING ACCEPT [94663:7638659]
COMMIT
# Completed on Fri Mar 14 19:36:46 2014
# Generated by iptables-save v1.4.12 on Fri Mar 14 19:36:46 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TRUSTED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j TRUSTED
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p icmp -m state --state INVALID -j DROP
-A TRUSTED -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A TRUSTED -p icmp -j DROP
-A TRUSTED -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Mar 14 19:36:46 2014


Sorry for asking, but I have no previous experience at all of ip-rules.
Many thanks in advance for any edit or insight.

BFN.

musher0

drk1wi

Joined: 12 Mar 2014
Posts: 5

Posted: Sat 15 Mar 2014, 12:21

Quote:
# Generated by iptables-save v1.4.12 on Fri Mar 14 19:36:46 2014
*mangle
:PREROUTING ACCEPT [152633:80760501]
:INPUT ACCEPT [152633:80760501]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94663:7638659]
:POSTROUTING ACCEPT [94663:7638659]
COMMIT
# Completed on Fri Mar 14 19:36:46 2014
# Generated by iptables-save v1.4.12 on Fri Mar 14 19:36:46 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:TRUSTED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j TRUSTED
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p icmp -m state --state INVALID -j DROP
-A TRUSTED -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A TRUSTED -p icmp -j DROP
-A TRUSTED -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Mar 14 19:36:46 2014


You don't have any iptables REDIRECT rules to Portspoof.
You can check out an example here: https://github.com/drk1wi/portspoof/blob/master/system_files/iptables-config

Try also to add this one (it's a bit generic, but you should be able to verify if the soft works):

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -j REDIRECT --to-ports 4444

In general it's a good approach to add a Portspoof rule to the PREROUTING for every port that isn't ACCEPT'ed in your INPUT.
In your case it's a range 1-21, 23-79, 81-65535.
This way an attacker will not be able to easily determine which ports on your system are in a CLOSED state and which services are real.

Cheers,
Piotr :)
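
The per-range approach from the last post, as an added example that is not part of the thread or of the Portspoof project: it reads an iptables-save dump, collects the TCP ports that INPUT accepts, and prints one REDIRECT rule for each remaining gap. The function names are made up for this example, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example (not from the thread or the Portspoof project).
# Limits: looks only at "-A INPUT ... -p tcp ... -j ACCEPT" rules with
# --dport/--dports; it does not evaluate rule order or source matches.

# filter-table INPUT rules taken from the iptables-save dump posted above.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -j TRUSTED
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# stdin: iptables-save text. stdout: "lo hi" per accepted TCP port range.
accepted_tcp_ranges() {
    awk '$1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--dport" || $i == "--dports") {
                n = split($(i + 1), parts, ",")      # multiport list
                for (k = 1; k <= n; k++) {
                    m = split(parts[k], r, ":")      # single port or lo:hi
                    print r[1], (m == 2 ? r[2] : r[1])
                }
            }
    }' | sort -k1,1n -k2,2n
}

# stdout: every gap in 1-65535 not covered by an accepted range, as lo:hi.
spoof_ranges() {
    accepted_tcp_ranges | awk '
        BEGIN { next_free = 1 }
        { if ($1 > next_free) print next_free ":" ($1 - 1)
          if ($2 + 1 > next_free) next_free = $2 + 1 }
        END { if (next_free <= 65535) print next_free ":65535" }'
}

# $1 = interface, $2 = port Portspoof listens on (4444 by default).
portspoof_rules() {
    spoof_ranges | while read -r range; do
        echo "iptables -t nat -A PREROUTING -i $1 -p tcp -m tcp" \
             "--dport $range -j REDIRECT --to-ports $2"
    done
}

printf '%s\n' "$SAMPLE_RULES" | portspoof_rules eth0 4444
```

Redirected packets reach the filter INPUT chain with destination port 4444, so that chain also has to accept TCP port 4444 before Portspoof can answer.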