OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: firewalls on single boxes ?
From: Blake R. Swopes (bhodiBIGFOOT.COM)
Date: Sat Oct 28 2000 - 17:14:04 CDT


Some of the X listening services that you've found can be made to not listen
to the network, I believe. I don't use X, so I don't know this for certain.
You should check the documentation (at least regarding command line
arguements) to see if this is the case.

A firewall can't hurt, but if you aren't running any services, you should be
fairly secure already. Something like portsentry in advanced tcp/udp mode
might be what you want. You could set it to use ipchains to automatically
drop all traffic from the attacker.

But like I said, if you have no open services, then they aren't going to
have anything to exploit remotely anyway, so that firewall would be damn
near useless... Could be interesting if you want to catch people
portscanning you, though.

Blake R. Swopes

-----Original Message-----
From: Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM]On Behalf Of Enric Martínez
Sent: Saturday, October 28, 2000 2:57 AM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: firewalls on single boxes ?

Hallo,
I am a computer engineering Student (1st curse) and are particularly
interested in security issues. So I'm doing some work on my box.
I have a single Pentium 166 Box at home running Debian Potato.

My question is the following:

I closed all ports (or at least the most) I won't use
disabling the service in /etc/inet.d and KsysV.
Including port 80 and 25.

Scanning my ports with nmap -sT 127.0.0.1
you can still find the ports 1024 and 6000 open,
(I already know what these ports are: KDE and X11 services ).

Would it be necesary to also set up a firewall ?

I downloaded lots of extra dox about firewalling (I naturally have
the howtos), but all of them talk about setting up a firewall for a
network, this means the firewall is a separate machine which
includes a proxy server and all the stuff which belongs into a
firewall.

Can this be done on a single dialup machine ?
Wouldn't I be isolated from the net in case my ruleset is wrong ?

Thanks and Regards

--

__/ F \/ T F |] \__ \ L /\ | L |\ /