i got my fwbuilder emerged and running, compiled my script.
fwbuilder was not hard, so i want to know how good the script for th e firewall is
does somebody know a light program that tells my where a still have a security hole (don't want nessus - seems to be quit a big download and i just want to test my firewall)
thx
howto scan for security holes / test my firewall
Message
Re: howto scan for security holes / test my firewall
You generally want to rest your firewall from outside your firewall -- I would suggest nmap. Tell it to do agressive scans, fingerprinting, etc. and see what you can see. Fix any problems that arise. Lather, rinse, repeat.Qubax wrote: does somebody know a light program that tells my where a still have a security hole (don't want nessus - seems to be quit a big download and i just want to test my firewall)
Alternatively, you could post your IP address to the forum and we can test it for you.
I don't believe in witty sigs.
yes i want to test my firewall from outside
i looked around and found scan.sygate.com that scans nearly all thinks i know
can somebody just try out one the scans and tell me if they tell the truth
i made all scans, it seems that if forgotten to block UDP (what ever that is, but as linuxer i'll find out about it) - have a look at fwbuilder
fwbuilder seems to be good - easy to use and seems to secure
i looked around and found scan.sygate.com that scans nearly all thinks i know
can somebody just try out one the scans and tell me if they tell the truth
i made all scans, it seems that if forgotten to block UDP (what ever that is, but as linuxer i'll find out about it) - have a look at fwbuilder
fwbuilder seems to be good - easy to use and seems to secure
scan.sygate.com is the site I almost alway recommend. I have used this to test my system on several occasions and it seems okay. I generally run the test with and without the firewall running to compare results. I also use another site -https://grc.com/x/ne.dll?bh0bkyd2
Good luck.
C
Good luck.
C
scan.sygate.com doesn't work for me, page won't even load. I don't think it likes my tight firewall settings.
The other site can't find anything even responding on my system.
What's really scary is when i had apache up for a few days messing around with it, I checked out my web logs and there was at least 100 entries of the Nimda or Code Red virus scanning my web server (../../cmd.exe). It's simply amazing how many windows users don't know they're infected to heck and back.
The other site can't find anything even responding on my system.
What's really scary is when i had apache up for a few days messing around with it, I checked out my web logs and there was at least 100 entries of the Nimda or Code Red virus scanning my web server (../../cmd.exe). It's simply amazing how many windows users don't know they're infected to heck and back.
my 2c: take a notebook with nessus to one of your frinds and let it run... next try nmap with it's variuos options (Protocol Scan, OS Finderprint, Stealth Scan, Fin Scan etc)... oh... and one peace of advice, don't come up with the idea to disable all of icmp (filter it, but don't disable it...)
you may also want to try the linux-kernel patches included in gentoo (don't know if gentoo-kernel has but gentoo-crypto-kernel has) like OpenWall and GRSecurity - really nifty features... but if you're used to use a mouse don't touch it
cheers
xor
you may also want to try the linux-kernel patches included in gentoo (don't know if gentoo-kernel has but gentoo-crypto-kernel has) like OpenWall and GRSecurity - really nifty features... but if you're used to use a mouse don't touch it
cheers
xor
has somebody an idea of how to block with fwbuilder? my fw should block everything that is incoming and let everything through that wants out, but it seems not to do this,cause scan.sygate.com tells me that udp is not blocked (ok, its closed, but i want it blocked)
kann somebody give my a hint of how to do that with fwbuilder
grc.com/x/ne.dll?bh0bkyd2 tells me that fw is working fine (could not detect me or any port), so with how much can i be confident?
kann somebody give my a hint of how to do that with fwbuilder
grc.com/x/ne.dll?bh0bkyd2 tells me that fw is working fine (could not detect me or any port), so with how much can i be confident?
a more detailed question
shouldn't
lock up everything from outside, cause this is the part of the script fwbuilder gives me, to reject everything
i also have to reject to ports for netbios-dgm/ns/ssn but it seems not to work (sygate says so)
is there something i have to compile into iptables?
shouldn't
Code: Select all
iptables -N RULE_2
iptables -A INPUT -j RULE_2
iptables -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- REJECT "
iptables -A RULE_2 -j REJECT --reject-with icmp-host-prohibited i also have
Code: Select all
iptables -N RULE_1
iptables -A INPUT -p udp -m multiport --destination-port 138,137,139,69 -j RULE_1
iptables -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- REJECT "
iptables -A RULE_1 -j REJECT --reject-with icmp-host-prohibited
is there something i have to compile into iptables?
Check out this site below:
http://iptables-tutorial.haringstad.com/
I had my own firewall in ipchains and that guide + other help from peeps online really sorted out the switch to iptables. Take a look today!
-/Craigo/-
http://iptables-tutorial.haringstad.com/
I had my own firewall in ipchains and that guide + other help from peeps online really sorted out the switch to iptables. Take a look today!
-/Craigo/-
I use the iptables firewall script from here:
http://projectfiles.com/firewall/
Under the 'advanced' configuration section, set 'RFC_1122_COMPLIANT' to NO, this will disable everything incoming including icmp.
I also use the traffic shaper from here:
http://lartc.org/wondershaper/
http://projectfiles.com/firewall/
Under the 'advanced' configuration section, set 'RFC_1122_COMPLIANT' to NO, this will disable everything incoming including icmp.
I also use the traffic shaper from here:
http://lartc.org/wondershaper/
http://projectfiles.com/firewall/ works great
easy to config +
all scans i found were completly blocked
thx to splooge
but now a newbie question: how kann i make it start while booting? just make a link to default runlevel? or doing something with rc-update?
easy to config +
all scans i found were completly blocked
thx to splooge
but now a newbie question: how kann i make it start while booting? just make a link to default runlevel? or doing something with rc-update?