Hi folks,

I just installed shorewall 4.5.6 (and core) onto my Slackware system, followed the instructions on the shorewall webpages (I used 'Universal' as I am alone on my one computer on dial-up) and copied all (not the annotated) the files over to /etc/shorewall.

I then started shorewall (shorewall start) and went to GRC's website to test it. As I said, I get 'stealth' everything for all but this:

*****
Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that "tracking down" the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system's presence and location on the Internet.
*****

Does anyone know what's going on or why I can't get 'true' stealth? Any help with this will be appreciated.

John

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 08/25/2012 04:14 AM, Heh wrote:
>
> Hi folks,
>
> I just installed shorewall 4.5.6 (and core) onto my Slackware system,
> followed the instructions on the shorewall webpages (I used 'Universal' as I
> am alone on my one computer on dial-up) and copied all (not the annotated)
> the files over to /etc/shorewall.
>
> I then started shorewall (shorewall start) and went to GRC's website to test
> it. As I said, I get 'stealth' everything for all but this:
>
> *****
> Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security
> countermeasures unwisely attempted to probe us in response to our probes. While
> some users believe that "tracking down" the source of Internet probes is
> useful, experience indicates that there is little to gain and potentially much
> to lose. The wisest course of action is to simulate nonexistence — which your
> system has failed to do. Your counter-probes immediately reveal your system's
> presence and location on the Internet.
> *****
>
> Does anyone know what's going on or why I can't get 'true' stealth? Any help
> with this will be appreciated.

This is Shorewall FAQ 4 (http://www.shorewall.net/FAQ.htm#faq4)

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Sat, 25 Aug 2012 07:31:25 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> On 08/25/2012 04:14 AM, Heh wrote:
> >
> > Hi folks,
> >
> > I just installed shorewall 4.5.6 (and core) onto my Slackware system,
> > followed the instructions on the shorewall webpages (I used 'Universal'
> > as I am alone on my one computer on dial-up) and copied all (not the
> > annotated) the files over to /etc/shorewall.
> >
> > I then started shorewall (shorewall start) and went to GRC's website to
> > test it. As I said, I get 'stealth' everything for all but this:
> >
> > *****
> > Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security
> > countermeasures unwisely attempted to probe us in response to our probes.
> > While some users believe that "tracking down" the source of Internet probes
> > is useful, experience indicates that there is little to gain and
> > potentially much to lose. The wisest course of action is to simulate
> > nonexistence — which your system has failed to do. Your counter-probes
> > immediately reveal your system's presence and location on the Internet.
> > *****
> >
> > Does anyone know what's going on or why I can't get 'true' stealth? Any
> > help with this will be appreciated.
>
>
> This is Shorewall FAQ 4 (http://www.shorewall.net/FAQ.htm#faq4)
>
> -Tom

Hmmm...I'd forgot to mention that I'd already done that also and was getting the result above. I probably wasn't using the correct command. I was 'stop'ping' shorewall, editing the .conf files, then 'start'ing shorewall. Should I have been doing something like 'restore' or some such instead?

John

On 8/25/12 9:18 AM, Heh wrote:
> On Sat, 25 Aug 2012 07:31:25 -0700
> Tom Eastep <teastep@shorewall.net> wrote:
>
>> On 08/25/2012 04:14 AM, Heh wrote:
>>>
>>> Hi folks,
>>>
>>> I just installed shorewall 4.5.6 (and core) onto my Slackware system,
>>> followed the instructions on the shorewall webpages (I used 'Universal'
>>> as I am alone on my one computer on dial-up) and copied all (not the
>>> annotated) the files over to /etc/shorewall.
>>>
>>> I then started shorewall (shorewall start) and went to GRC's website to
>>> test it. As I said, I get 'stealth' everything for all but this:
>>>
>>> *****
>>> Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security
>>> countermeasures unwisely attempted to probe us in response to our probes.
>>> While some users believe that "tracking down" the source of Internet probes
>>> is useful, experience indicates that there is little to gain and
>>> potentially much to lose. The wisest course of action is to simulate
>>> nonexistence — which your system has failed to do. Your counter-probes
>>> immediately reveal your system's presence and location on the Internet.
>>> *****
>>>
>>> Does anyone know what's going on or why I can't get 'true' stealth? Any
>>> help with this will be appreciated.
>>
>>
>> This is Shorewall FAQ 4 (http://www.shorewall.net/FAQ.htm#faq4)
>>
>> -Tom
>
> Hmmm...I'd forgot to mention that I'd already done that also and was getting
> the result above. I probably wasn't using the correct command. I was
> 'stop'ping' shorewall, editing the .conf files, then 'start'ing shorewall.
> Should I have been doing something like 'restore' or some such instead?
>

Please forward the output of 'shorewall dump' as a text attachment.

-Tom

On 8/25/12 9:18 AM, Heh wrote:
> Hmmm...I'd forgot to mention that I'd already done that also and was getting
> the result above. I probably wasn't using the correct command. I was
> 'stop'ping' shorewall, editing the .conf files, then 'start'ing shorewall.
> Should I have been doing something like 'restore' or some such instead?

Please disregard my last post.

The Universal configuration has these rules:

    SSH(ACCEPT)   net   $FW
    Ping(ACCEPT)  net   $FW

So if you want to be stealth, you need to remove both of those.

-Tom

On Sat, 25 Aug 2012 09:54:36 -0700 Tom Eastep <teastep@shorewall.net> wrote:
> On 8/25/12 9:18 AM, Heh wrote:
>
> > Hmmm...I'd forgot to mention that I'd already done that also and was
> > getting the result above. I probably wasn't using the correct command. I was
> > 'stop'ping' shorewall, editing the .conf files, then 'start'ing shorewall.
> > Should I have been doing something like 'restore' or some such instead?
>
> Please disregard my last post.
>
> The Universal configuration has these rules:
>
> SSH(ACCEPT) net $FW
> Ping(ACCEPT) net $FW
>
> So if you want to be stealth, you need to remove both of those.
>
> -Tom

I put 'DROP' in the parentheses (before you said to remove those two things). It did the trick and gave me full stealth, but should I just 'remove' them instead, as you say to do, or will it create problems later by leaving them as I have them?

John

On Sat, 2012-08-25 at 18:42 -0500, Heh wrote:
>
> I put 'DROP' in the parentheses (before you said to remove those two things).
> It did the trick and gave me full stealth, but should I just 'remove' them
> instead, as you say to do, or will it create problems later by leaving them as
> I have them?

The way that you have them is fine.

-Tom
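
The check this thread arrives at, as an added example that is not part of the original messages or of Shorewall itself: a shell function that lists rules accepting traffic from the Internet zone to the firewall, which is what kept the GRC test from reporting full stealth. It assumes the zone name `net` and `$FW` as quoted above (also matching `fw` and `all`), inspects only explicit rules, not policies, and the two sample rule sets are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag rules in a Shorewall rules file
# that ACCEPT traffic from the Internet zone to the firewall itself.
# Assumptions: zone "net" and "$FW" as quoted in the thread; "fw" and "all"
# are also matched as firewall/any-zone spellings.

# audit_stealth [FILE]: prints "line: rule" for each offending rule and
# reads stdin when FILE is omitted. Returns 1 if any was found, else 0.
audit_stealth() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }      # comments, blanks, SECTION lines
        {
            action = $1; src = $2; dst = $3
            sub(/:.*/, "", src)            # net:192.0.2.1 -> net
            sub(/:.*/, "", dst)
            # plain ACCEPT (optionally with a log level) or a macro
            # invoked with ACCEPT, such as SSH(ACCEPT)
            accepts = (action ~ /^ACCEPT(:|$)/ || action ~ /\(ACCEPT\)/)
            if (accepts && (src == "net" || src == "all") &&
                (dst == "$FW" || dst == "fw" || dst == "all")) {
                printf "%d: %s\n", NR, $0
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed samples: the two Universal rules quoted in the thread, and the
# poster's variant with DROP in the parentheses.
sample_universal() {
    printf '%s\n' 'SECTION NEW' 'SSH(ACCEPT)   net   $FW' 'Ping(ACCEPT)  net   $FW'
}
sample_dropped() {
    printf '%s\n' 'SECTION NEW' 'SSH(DROP)     net   $FW' 'Ping(DROP)    net   $FW'
}

# Stand-alone use: sh audit_stealth.sh /etc/shorewall/rules
if [ "$#" -gt 0 ]; then
    audit_stealth "$1"
fi
```

Piping `sample_universal` into `audit_stealth` reports both rules with their line numbers; `sample_dropped` produces no output and a zero exit status.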