Hardening w/o firewall - Page 3

Thread: Hardening w/o firewall

  1. #21
    Thanks a lot everyone.

    I used Fport by Foundstone to help close the ports; it's a lot quicker than googling the ports, because it connects the service with the port. There's a lot of cool stuff in the group policies (gpedit.msc), like changing the IE icons...

    HT.. I'm in group policy, Computer Config > Windows Settings > Security Settings, but I don't see connection properties. I attached a screen.


    GR... how many firewalls ya got there?

  2. #22
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Soda_Popinsky
    Thanks a lot everyone.

    I used Fport by Foundstone to help close the ports; it's a lot quicker than googling the ports, because it connects the service with the port. There's a lot of cool stuff in the group policies (gpedit.msc), like changing the IE icons...

    HT.. I'm in group policy, Computer Config > Windows Settings > Security Settings, but I don't see connection properties. I attached a screen.


    GR... how many firewalls ya got there?
    Hey Hey,

    Soda: Connection Properties are separate... I guess I didn't separate them all that well. Look under View Network Connections --> Properties for your specific connection --> TCP/IP --> Advanced --> Options


    As far as using fport, it's a wonderful tool. Occasionally you'll notice that certain ports will be linked to svchost. You always have multiple svchosts running, and luckily fport gives you the PID, however... what is that magical svchost running? What you can do to find out is, at your command prompt, type tasklist /svc. You'll get a breakdown of which services (from Administrative Tools --> Services) are running under each svchost. This will give you an idea of which services you can turn off to close certain ports.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
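    The port -> PID -> service join HT describes above, as an added example that is not from the thread: the `netstat -ano` and `tasklist /svc` listings below are constructed sample output, parsed and joined on PID so each listening port is tied to the svchost (and the services inside it) that owns it.

```python
import re

# Constructed sample of "netstat -ano" output (XP-style columns; PID is last).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1080
  UDP    0.0.0.0:123            *:*                                    1080
"""

# Constructed sample of "tasklist /svc" output for the same machine.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                   1012 RpcSs
svchost.exe                   1080 TermService, W32Time
"""

def parse_netstat(text):
    """Return (proto, local_port, pid) for every TCP/UDP row of netstat -ano."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                       # skip banner and header lines
        port = int(parts[1].rsplit(":", 1)[1])
        rows.append((parts[0], port, int(parts[-1])))
    return rows

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [service, ...])} from tasklist /svc output."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if not m:
            continue                       # header and ==== separator rows
        image, pid, svc = m.group(1), int(m.group(2)), m.group(3).strip()
        procs[pid] = (image, [] if svc == "N/A" else [s.strip() for s in svc.split(",")])
    return procs

def ports_to_services(netstat_text, tasklist_text):
    """Join both listings on PID: (proto, port) -> (pid, image, services)."""
    procs = parse_tasklist_svc(tasklist_text)
    return {(proto, port): (pid,) + procs.get(pid, ("<unknown>", []))
            for proto, port, pid in parse_netstat(netstat_text)}

if __name__ == "__main__":
    for (proto, port), (pid, image, services) in sorted(ports_to_services(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        print(f"{proto} {port:<5} pid {pid:<5} {image:<12} {', '.join(services) or '-'}")
```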

  3. #23

    HTRegz

    First, let me say that you are in fact wrong. ICMP is run on port 7 (echo) port. For those that do want to read, it's explained in perfect detail in the book "Complete Security" by Sybex, under chapter 11 "Understanding Firewalls", page 381, written by Matthew Strebe and Charles Perkins. Look it up. By the way, have you written a book on the subject recently? Oh, well then, shall we move on.

    Now, on to point two. Flame me as much as you can *******, I love to hear babies whine. I told them to forward port 113 (Ident) to their router's IP address (not subnet) of (example): 192.168.1.255. This also is explained in perfect detail on Steve Gibson's website GRC. But I guess the know-it-alls of this world (or maybe just this forum) only want to flame due to small penis syndrome. You can go on and on about the little scripts you write in Python or what have you, who cares. Big deal. Who hasn't written a script lately?

    My computer world revolves around security; no matter how overboard and overkill it is, it's for a reason. But I understand forums are to help ppl, and occasionally you run in to someone who just loves to act like a self indulgent, overbearing, know-it-all jack off.

    OK, now you may feel free to run off to your buddies and have me banned for speaking my mind.

  4. #24
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Grim:

    Do me a favor..... Don't compound your problems, (read ignorance), by coming back and trying to slag people down.....

    Read the ICMP RFC

    Please note several things.

    1.
    ICMP, uses the basic support of IP as if it were a higher level protocol, however, ICMP is actually an integral part of IP, and must be implemented by every IP module.
    Funny..... No mention of TCP.....

    2.
    ICMP messages are sent using the basic IP header. The first octet of the data portion of the datagram is a ICMP type field; the value of this field determines the format of the remaining data. Any field labeled "unused" is reserved for later extensions and must be zero when sent".
    Note please that there is NO room for flags, window size and most importantly source and destination port..... Because they are functions of TCP not IP.

    3.
    The Internet Protocol is not designed to be absolutely reliable.
    Then try reading the TCP RFC

    1.
    The TCP must recover from data that is damaged, lost, duplicated, or delivered out of order by the internet communication system.
    Apples and Oranges.

    2.
    TCPs are free to associate ports with processes however they choose. However, several basic concepts are necessary in any implementation. There must be well-known sockets which the TCP associates only with the "appropriate" processes by some means. We envision that processes may "own" ports
    Hmmm.... I see ports.....

    Just for giggles.... try reading the IP RFC

    The internet protocol uses four key mechanisms in providing its service: Type of Service, Time to Live, Options, and Header Checksum.
    Hmmm.... ICMP is structured with a standard IP header and an ICMP type and code.... The IP header contains TOS, TTL, Options and Header Checksum........

    Show me how and where it is communicating using TCP ports when there is no room in the packet structure!!!!!

    You stated in one of your posts
    I've been in the business for some time
    yet you don't have the basics down yet.... The RFCs are there for a reason..... For you to read and learn from. The RFCs are the "bible"..... Just because others have it wrong does not mean that everything changes to suit their errata.

    On to your second faux pas...... You have 0-255 IP addresses to choose from, (a total of 256). Only 254 are usable, (1-254), because 0 and 255 are used for broadcasts etc. (ever wondered why an ISP gives you 16 IP addresses and you only get to use 14.... there's your reason....) So you had a 2/256 or a 1/128th chance of picking a bad IP address for the router and you picked one..... 192.168.1.255 is the broadcast address of the subnet 192.168.1.0/24. Whether the mistake was due to ignorance or simply not thinking, it was a bad example to use, and HT was perfectly justified in picking you up on it.

    and occassionaly you run in to someone who just loves to act like a self indulgent, overbearing, know-it-all jack off.
    Isn't it funny how your response fits you perfectly into that category.......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
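    An added example, not from the thread, that works through Tiger Shark's two points above: decoding constructed IPv4 packets shows that an ICMP header starts with type, code and checksum and has no port fields at all, while a TCP header starts with source and destination ports; and the standard library's `ipaddress` module confirms that 192.168.1.255 is the broadcast address of 192.168.1.0/24 rather than a usable router address. The sample packets are constructed here with a zero IP checksum and are not meant for transmission.

```python
import ipaddress
import struct

def parse_ip_header(pkt):
    """Split a packet at its IPv4 header; return (protocol number, payload)."""
    ver_ihl, _tos, _length, _ident, _frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IHL is in 32-bit words; convert to bytes
    return proto, pkt[ihl:]

def describe_payload(proto, payload):
    """Decode the first transport header fields. ICMP (protocol 1) carries only
    type, code and checksum; TCP (protocol 6) starts with source and destination ports."""
    if proto == 1:
        icmp_type, code, _csum = struct.unpack("!BBH", payload[:4])
        return {"proto": "ICMP", "type": icmp_type, "code": code}
    if proto == 6:
        sport, dport = struct.unpack("!HH", payload[:4])
        return {"proto": "TCP", "sport": sport, "dport": dport}
    return {"proto": str(proto)}

def build_ipv4(proto, payload, src="192.168.1.10", dst="192.168.1.1"):
    """Constructed IPv4 header for the samples below (header checksum left zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed samples: an ICMP echo request (type 8) and a TCP SYN to port 7 (echo).
ICMP_ECHO = build_ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1))
TCP_TO_PORT_7 = build_ipv4(6, struct.pack("!HHIIBBHHH", 40000, 7, 0, 0, 0x50, 0x02, 8192, 0, 0))

def broadcast_of(network):
    """Broadcast address of a subnet, e.g. 192.168.1.0/24 -> 192.168.1.255."""
    return str(ipaddress.ip_network(network).broadcast_address)

def is_usable_host(addr, network):
    """True for host addresses only: the network and broadcast addresses are excluded."""
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(addr)
    return ip in net and ip not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    for name, pkt in (("ICMP echo", ICMP_ECHO), ("TCP to port 7", TCP_TO_PORT_7)):
        print(name, describe_payload(*parse_ip_header(pkt)))
    print("broadcast of 192.168.1.0/24:", broadcast_of("192.168.1.0/24"))
    print("192.168.1.255 usable as a router address?", is_usable_host("192.168.1.255", "192.168.1.0/24"))
```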

  5. #25
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    GrimReaper:

    Sorry, but you are just wrong. You are confusing the type field of the IP header in the ICMP packet with a port. ICMP doesn't need (nor is it interested in) ports; it just checks the connectivity involved. It uses IP but is not the same as TCP or UDP. Since you like to quote sources, why don't you check out the RFC at http://www.faqs.org/rfcs/rfc792.html or check out the paragraph on ICMP ping sweeps at nmap.

    Additionally, what is the fascination with people's penises? Why do you (and others, I know from experience) feel the need to include such crass statements when responding to posts? Grow up.

    Also, learn what broadcast, multicast, and unicast addresses are. Then check back in.

    Lastly, only someone who truly didn't understand security would brag about "hiding" behind two routers and 3 firewalls (as you did earlier in the thread). You are doing just that, hiding. If you actually knew how to configure one firewall properly (or even just your box and no firewall, as was the intention of the thread starter), then you wouldn't need to waste resources on 3 firewalls.

    EDIT: heh, didn't mean to echo you, Tiger....I waited too long to finish my response...dang multitasking...

  6. #26
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    The short answer: there is no way to pass a ShieldsUP test without a firewall. The test is invalid, worthless if you want to test ACTUAL security IMO, and flawed in more than one way. Having your ports report closed instead of "stealthed" is not a security risk.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  7. #27
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    csch:

    Having your ports report closed instead of "stealthed" is not a security risk.
    But since the inception of the stealth fighter and bomber the mere word "stealth" has taken on such a "sexy" inference that everyone thinks it's just plain "kewl" to be "stealthed"; it makes those who obviously really don't know or think about the technical details feel like the little ninjas they always wanted to be.

    GRC and his Shields Up was fine when he started, (probably should have stuck with SpinRite - but that's a different issue); it told people that they were _wide_ open. Then I think he got a little carried away. Unfortunately, in sensationalizing his "products" and doing it in a highly technical sounding way, a lot of people put way too much store in the things he says. This is exacerbated by his attacks on major players like BlackICE.... It makes people think he really does have something important to say.

    It doesn't surprise me that Grim quotes him as a source - he has demonstrated that his technical knowledge is right there in the target zone GRC aims at - those with insufficient technical knowledge to know the difference between hype and fact.... Those with just enough knowledge to be actually a _real_ danger........
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  8. #28
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hrmm... Must say this is an interesting discussion. A couple of "opinions" (whether you want 'em or not)..

    Books are sometimes wrong. Just because the book says so, doesn't make it so. That's reality, and certainly we shouldn't depend on one to be our main source for security (well, except for my fav security author -- Stephen Northcutt). That said, the association of ICMP to TCP/Port 7 is a common mistake and I'm suspicious that's a result of a generalization that the echo port returns whatever data it's sent (thus echoing it). This link might help. For those that might feel bad about this, don't. Even I've made that mistake (*insert Homer's "D'oh" in here*).

    When testing a machine without a firewall, it might be better to use a variety of tools rather than depend on something like GRC or Symantec. Single dependency on one tool to be the answer to determining how successful or unsuccessful you are at locking a machine down is akin to putting all your eggs into one basket. Nothing stops you from scanning yourself using additional tools like nmap, Nessus, Retina and even a simple command like netstat (which can show which ports are listening so you can determine which services might be active).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #29
    Another point... I've been viewing my firewall as a crutch almost. Like medicine... it hides anything that may be wrong. So I turned it off, and found a lot of unnecessary problems, like a print driver opening a port (an old printer I no longer own). Like I said before, Fport is great for doing this.

    So far, Nessus and nmap have failed to work under XP (with the correct WinPcap). I've got to get to class; maybe I can post the errors later.

  10. #30
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Soda, it's under IP Security Policies. (A right click on it should allow you to create/edit policies.)
    It's not the most intuitive interface but it's more than capable of doing everything you need.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
