Marcelo Leão Caffaro
2002-Nov-26 13:36 UTC
[Shorewall-users] How i do to see the destination host unreachable 1-19 in my firewall? where i see this rules?
Hello Guys,

I saw this message in the archive list and I don't know how to do this. Can anyone help me by sending me a URL or sample so I can try? I need to put these rules in my firewall.

Thanks, and sorry for my English.

"You can add IPTables rules to connection attempts on ports 1-19 (or as high as you can go) tcp/udp that will reply with a destination host unreachable (Credit goes to Chris Brenton of SANS for this tactic). Add these rules to /etc/shorewall/start"
Tom Eastep
2002-Nov-26 14:58 UTC
[Shorewall-users] How i do to see the destination host unreachable 1-19 in my firewall? where i see this rules?
--On Tuesday, November 26, 2002 11:36:03 AM -0200 Marcelo Leão Caffaro <marcelo.leao@sigma.com.br> wrote:

> "You can add IPTables rules to connection attempts on ports 1-19 (or as
> high as you can go) tcp/udp that will reply with a destination host unreachable
> (Credit goes to Chris Brenton of SANS for this tactic). Add these rules to
> /etc/shorewall/start"

I don't think it can be done - iptables can only generate "destination port unreachable"; it cannot create "destination host unreachable" responses.

If you want the latter, simply make your default net->fw policy REJECT rather than DROP.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net
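As an added illustration of the per-port approach discussed in this thread (this is example code, not from either poster or from the Shorewall project), the script below generates iptables rules that answer connection attempts on tcp/udp ports 1-19 with a REJECT rather than a silent DROP. With no `--reject-with` option the REJECT target replies with ICMP port unreachable, which matches Tom's point that this is the unreachable type iptables produces. The interface name `eth0`, the use of the INPUT chain, the `NET_IF` variable and the `apply` argument are assumptions made for the example; something like this would be dropped into /etc/shorewall/start, which the thread names as the place for extra rules.

```shell
#!/bin/sh
# Added example, not part of the Shorewall list thread: emit (and optionally
# apply) iptables rules that REJECT tcp/udp connection attempts on ports 1-19.
# The default REJECT reply is ICMP port unreachable.
# Assumptions (not from the page): the external interface defaults to eth0,
# rules are inserted at the top of INPUT so they run before any other rules,
# and "apply" as the first argument executes them; otherwise they are printed.

NET_IF="${NET_IF:-eth0}"   # placeholder external interface name
LOW_PORT=1
HIGH_PORT=19

# reject_rules: print one iptables command per protocol for the port range.
reject_rules() {
    for proto in tcp udp; do
        printf 'iptables -I INPUT -i %s -p %s --dport %s:%s -j REJECT\n' \
            "$NET_IF" "$proto" "$LOW_PORT" "$HIGH_PORT"
    done
}

# rule_count: how many rules reject_rules produces (sanity check for callers).
rule_count() {
    reject_rules | wc -l | tr -d ' '
}

if [ "${1:-}" = "apply" ]; then
    # Execute each generated rule; requires root and a host with iptables.
    reject_rules | while read -r cmd; do
        $cmd
    done
else
    # Dry run: show what would be inserted.
    reject_rules
fi
```

Run without arguments to review the two rules, or with `apply` on the firewall itself. The alternative Tom recommends, changing the default net->fw policy from DROP to REJECT, is a one-line change in the POLICY column of /etc/shorewall/policy and makes every unhandled inbound packet from net get the same ICMP port unreachable reply, not just ports 1-19; the per-port rules above are the narrower option, and either way the reply leaks the fact that a host is present, which is the trade-off against DROP.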