Re: [suse-security] have I been invaded?
From: Richard (ratcheson at earthlink.net)
Date: Tue Jun 03 2003 - 18:16:41 CDT
On Tue, 2003-06-03 at 17:07, Ian David Laws wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tuesday 03 June 2003 18:58, Richard wrote:
> > user-0ceicg1.ca
>
> I would be interested in, how you set up shorewall and I do believe Tom would
> like to know as well since it is his firewall.
>
My setup is not all that complicated. I'm using ver 1.4.2 right now. I
begin with the basic two interface setup. I had to switch eth0 and eth1
as eth1 is my connection to the cable modem. The Policy file is set to
DROP all inputs to eth1. As I now use the Vonage VoIP system for my
phone, I changed the rules to the following:
#ACTION SOURCE DEST                PROTO DEST  SOURCE  ORIGINAL
#                                        PORT  PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
ACCEPT  fw     net                 tcp   53
ACCEPT  fw     net                 udp   53
ACCEPT  loc    fw                  udp   53
ACCEPT  fw     loc                 udp   53
ACCEPT  loc    fw                  tcp   53
#
# Accept SSH connections from the local network for administration
#
ACCEPT  loc    fw                  tcp   22
ACCEPT  fw     loc                 tcp   22
ACCEPT  loc    fw                  tcp   20
ACCEPT  fw     loc                 tcp   20
ACCEPT  loc    fw                  tcp   21
#ACCEPT fw     loc                 tcp   21
DNAT    net    loc:192.168.1.147   udp   5060
DNAT    net    loc:192.168.1.147   udp   5061
DNAT    net    loc:192.168.1.147   udp   10100:10500
ACCEPT  loc    fw                  udp   123
ACCEPT  fw     loc                 udp   123
# changed net to loc and loc to net on udp port 123 to test the voip
#ACCEPT loc    net                 udp   5061
ACCEPT  loc    fw                  udp   69
ACCEPT  fw     loc                 udp   69
ACCEPT  fw     loc                 udp   67
ACCEPT  fw     loc                 udp   68
ACCEPT  loc    fw                  udp   67
ACCEPT  loc    fw                  udp   68
#ACCEPT loc    net                 udp   10100:10500
ACCEPT  fw     loc                 tcp   631
ACCEPT  loc    fw                  tcp   631
#
# Allow Ping To And From Firewall
#
ACCEPT  loc    fw                  icmp  8
ACCEPT  net    fw                  icmp  8
ACCEPT  fw     loc                 icmp  8
ACCEPT  fw     net                 icmp  8
#DROP   net    fw                  icmp  8
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
So far as I can tell, all my external ports are closed or stealth,
depending on how you want to call them, and the phone system works
better than Verizon did. My subnet of 5 computers including two Winstuff
works fine.
Can you see anything I should be concerned about? If you can see
anything that might interest Tom I will send it to him but I know he is
extremely busy helping others. I have considered going back to one of
the 1.3 versions to be sure everything was ok as I had no problems then.
Regards,
Richard
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help at suse.com
Security-related bug reports go to security at suse.de, not here
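Added example, not part of Richard's post or of the Shorewall project: a small Python audit script that parses the rules file as posted above and reports what the `net` zone can reach, which is the quickest way to answer "is anything exposed?" for a setup whose policy already drops everything from `net`. It assumes the 1.4-era column layout used in the post (ACTION SOURCE DEST PROTO DEST PORT), treats `#` as a comment, and ignores the SOURCE PORT(S) and ORIGINAL DEST columns, which the posted rules do not use.

```python
"""Audit a Shorewall 1.4-style rules file for what the 'net' zone may reach.

Added example (not from the original post or the Shorewall project).
RULES_TEXT is the rule set Richard posted, with the column layout restored;
the parser assumes the five-column form used there.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

RULES_TEXT = """\
#ACTION SOURCE DEST                PROTO DEST  SOURCE  ORIGINAL
#                                        PORT  PORT(S) DEST
ACCEPT  fw     net                 tcp   53
ACCEPT  fw     net                 udp   53
ACCEPT  loc    fw                  udp   53
ACCEPT  fw     loc                 udp   53
ACCEPT  loc    fw                  tcp   53
ACCEPT  loc    fw                  tcp   22
ACCEPT  fw     loc                 tcp   22
ACCEPT  loc    fw                  tcp   20
ACCEPT  fw     loc                 tcp   20
ACCEPT  loc    fw                  tcp   21
#ACCEPT fw     loc                 tcp   21
DNAT    net    loc:192.168.1.147   udp   5060
DNAT    net    loc:192.168.1.147   udp   5061
DNAT    net    loc:192.168.1.147   udp   10100:10500
ACCEPT  loc    fw                  udp   123
ACCEPT  fw     loc                 udp   123
#ACCEPT loc    net                 udp   5061
ACCEPT  loc    fw                  udp   69
ACCEPT  fw     loc                 udp   69
ACCEPT  fw     loc                 udp   67
ACCEPT  fw     loc                 udp   68
ACCEPT  loc    fw                  udp   67
ACCEPT  loc    fw                  udp   68
#ACCEPT loc    net                 udp   10100:10500
ACCEPT  fw     loc                 tcp   631
ACCEPT  loc    fw                  tcp   631
ACCEPT  loc    fw                  icmp  8
ACCEPT  net    fw                  icmp  8
ACCEPT  fw     loc                 icmp  8
ACCEPT  fw     net                 icmp  8
#DROP   net    fw                  icmp  8
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""


@dataclass
class Rule:
    action: str
    src_zone: str
    src_host: Optional[str]   # host/IP after 'zone:' in SOURCE, if any
    dst_zone: str
    dst_host: Optional[str]   # host/IP after 'zone:' in DEST (the DNAT target)
    proto: str
    dport: Optional[str]      # '53', '10100:10500', or an ICMP type as a string


def _split_zone(field: str) -> Tuple[str, Optional[str]]:
    """'loc:192.168.1.147' -> ('loc', '192.168.1.147'); 'net' -> ('net', None)."""
    zone, _, host = field.partition(":")
    return zone, host or None


def parse_rules(text: str) -> List[Rule]:
    """Parse the non-comment lines of a rules file into Rule records."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment, as in Shorewall
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed rule line: {raw!r}")
        src_zone, src_host = _split_zone(fields[1])
        dst_zone, dst_host = _split_zone(fields[2])
        dport = fields[4] if len(fields) > 4 else None
        rules.append(Rule(fields[0], src_zone, src_host, dst_zone, dst_host, fields[3], dport))
    return rules


def port_span(dport: str) -> range:
    """Expand '5060' or '10100:10500' (an inclusive Shorewall range) to a range of ints."""
    lo, _, hi = dport.partition(":")
    return range(int(lo), int(hi or lo) + 1)


def inbound_from(rules: List[Rule], zone: str = "net") -> List[Rule]:
    """Rules whose SOURCE is `zone`; with a DROP policy these are all that admits its traffic."""
    return [r for r in rules if r.src_zone == zone and r.action not in ("DROP", "REJECT")]


def exposure_report(rules: List[Rule], zone: str = "net") -> Dict[Tuple[str, str], Set]:
    """Map (target host or zone, proto) -> set of port numbers, or 'type N' for ICMP."""
    report: Dict[Tuple[str, str], Set] = {}
    for r in inbound_from(rules, zone):
        bucket = report.setdefault((r.dst_host or r.dst_zone, r.proto), set())
        if r.proto in ("tcp", "udp") and r.dport:
            bucket.update(port_span(r.dport))
        else:
            bucket.add(f"type {r.dport}" if r.dport else "any")
    return report


if __name__ == "__main__":
    for (target, proto), ports in sorted(exposure_report(parse_rules(RULES_TEXT)).items()):
        print(f"{target:16} {proto:5} {len(ports):4} ports/types reachable from net")
```

Run against the posted rules, the report shows the whole Internet-facing surface: 403 UDP ports (5060, 5061 and 10100 through 10500) forwarded to 192.168.1.147, plus ICMP echo to the firewall itself, and no TCP at all from `net`, which matches Richard's observation that his external ports show as closed. The DNAT lines are the ones worth a second look: if the VoIP provider's signalling addresses are fixed, Shorewall lets the SOURCE column be narrowed to `net:<address>` so that only those hosts, rather than every host on the Internet, can reach the phone adapter.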