Puppy Linux Discussion Forum
firewall useless for puppy
increa

Joined: 21 May 2011
Posts: 21

PostPosted: Mon 23 May 2011, 13:03    Post subject: Firewall blocking what my computer sends.  

miriam wrote:
One point I'd like to learn more about is configuring the firewall to deny all programs, except certain ones I trust, access to the net.


Non-Puppy comment: I use free "Zone Alarm" to do this in Windows.
increa

Joined: 21 May 2011
Posts: 21

PostPosted: Mon 23 May 2011, 13:22    Post subject: System Threat  

One last thought in this thread for this morning:

It's often not one specific thing (get through my firewall) that creates a threat. Here's an example where individual non-threat pieces built into enough of a threat that I secured my system.

I enabled the Hiawatha web server. Even opened up to respond to all IP addresses (like a honey pot, I was interested who was on the hotel network and would choose to browse into my computer).

Then I enabled the Puppy personal blog. All okay, until I READ the default files served up by the server and the blog. In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.

So, anybody could admin my blog, dump whatever they want there and as a minimum bury my computer in downloaded trash. That will crash any hard drive when it becomes full. Or the database will die first.

So... I went back and turned off the web server. OR, what I could have done is install a firewall so that only packets from within my local network could get to the web server Puppy. In this case, the firewall ~would~ have protected me. That's a pretty tangible example, I think. However, I solved the problem a different way.

However, I still run the Puppy firewall because its overhead is a simple XOR statement against a port or IP number. Takes about a microsecond. I can afford that cost to cover my ~other~ braindead actions such as web serving my own blog post that gives my own password to the world.
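
The exposure described in this post, a service meant for 127.0.0.1 ending up reachable from the whole network, can be checked from the kernel's socket table. The following is an added example, not part of the original post or of Puppy: it decodes `/proc/net/tcp`-style lines and flags listeners on ports that were meant to be local-only. The sample table, the port choices and the function names are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import socket

# Constructed sample in /proc/net/tcp layout (addresses are little-endian hex).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0501A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0501A8C0:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""
TCP_LISTEN = "0A"  # state code for a listening socket


def decode_endpoint(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    return socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1]), int(hex_port, 16)


def listeners(table):
    """Yield (ip, port) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:
        cols = line.split()
        if len(cols) > 3 and cols[3] == TCP_LISTEN:
            yield decode_endpoint(cols[1])


def exposure(ip):
    """Classify a bind address by how widely it can be reached."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "local-only"
    return "all-interfaces" if addr.is_unspecified else "one-interface"


def audit(table, local_only_ports):
    """Listeners on ports meant to be local-only that are bound more widely."""
    return [(ip, port, exposure(ip)) for ip, port in listeners(table)
            if port in local_only_ports and exposure(ip) != "local-only"]


if __name__ == "__main__":
    for ip, port in listeners(SAMPLE):
        print(f"{ip}:{port} -> {exposure(ip)}")
    print("exposed:", audit(SAMPLE, {80}))
```

On a live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`.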
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

PostPosted: Mon 23 May 2011, 14:15    Post subject:  

increa wrote:
In the blog default post, it gives the password for the "secure" spot account. Well, that file is intended to only be read by the local user at 127.0.0.1. But, by opening my web server up, the blog program now provided that password to everybody.


I think that should be brought to Barry K's attention somewhat urgently, as a security bug!

Aitch :)
puppyite


Joined: 23 Jul 2009
Posts: 758
Location: U.S., Midwest, Central Time Zone, GMT-6

PostPosted: Mon 23 May 2011, 16:48    Post subject:  

About Hiawatha:
I would think that anyone who runs a web server on their local machine would know that it should have a password set before it will start or at least give some warning if a password isn’t set.

I have no experience using the Hiawatha web server in Puppy Linux so I don’t know if it has a default password set up or not. If not then that may be a problem if the user starts it and no warning is given.

_________________
Learn more about Puppy Linux: Puppy Linux FAQ
Protect your privacy: Scroogle.org - Ixquick
SimpleWater

Joined: 19 Apr 2011
Posts: 95

PostPosted: Mon 06 Jun 2011, 03:32    Post subject:  

After doing research, I have found the solution for the Flash cookies. There is actually an extension for Firefox called "Betterprivacy" (essential). It is made specially for deleting super cookies and is very easily customizable. If you're worried about JavaScript then there's "noscript" (nonessential). Another Firefox add-on. Something else you can do is go into your about:config and look for dom.storage.enabled and set the value to false.

I also tried to find warning threads about malware. I searched other big distros like Ubuntu forums, and nothing of course. This is Linux, I don't think the word "malware" exists in Linux yet. You might want to include your sources when you make big claims like that, Bernie.

When html5 becomes a standard, then you can ditch flash
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Wed 08 Jun 2011, 18:42    Post subject:  

SimpleWater wrote:
I also tried to find warning threads about malware. I searched other big distros like Ubuntu forums, and nothing of course. This is Linux, I don't think the word "malware" exists in Linux yet. You might want to include your sources when you make big claims like that, Bernie.

Exactly what “big” claims would those be, Simple? I said NOTHING about any Linux malware. What I said was IF you have WINDOWS on your machine and IF you’re running some flavor of Linux, it is possible for a hacker (and I prefer that word for both good and evil programmers) to reach and install malware in your WINDOWS system AND in your boot system via Flash via Linux. Some of this malware is not OS dependent but works directly on the boot system affecting any and all operating systems on that computer. Puppy is especially susceptible to this sort of malware since it runs as root.

Malware in Linux has been known since 1994 -- the first example modified the kernel to change system calls. It was very effective and almost impossible to detect at that time. Linux malware is very real but adherents of the cult don’t like to hear this. A Linux hacker using a rootkit was arrested as far back as 2002. See http://packetstormsecurity.org/news/view/10653/Linux-Rootkit-Author-Arrested-in-the-UK.html

Last year the open source Linux version of Unreal had a Trojan but the Windows version did not. It wasn't even noticed for seven months. See http://blogs.computerworld.com/16316/think_linux_is_free_from_malware_think_again_its_been_hacked

Linux OpenOffice had a virus called Bad Bunny about four years ago.

There are more than two thousand known Linux malware products including viruses, Trojans and worms. Some of these are definitely loose in the wild. There are more than two dozen Linux antivirus applications, most of them commercial selling for real money. Ask yourself why some people buy these products for Linux from such companies as Kaspersky, McAfee and Symantec paying as much if not more for Linux antivirus programs as they do for Windows antivirus programs.

As for “sources” there are dozens of published papers on Linux malware and its detection and removal. For one such “source” see
http://www.symantec.com/connect/articles/detecting-rootkits-and-kernel-level-compromises-linux

_________________
Frugal: Knoppix 6.4.4 DVD
USB: DSL 4.4.10
Full: WinXP Pro
Puppy (Feb. 4 - May 12, 2011) led me back to Linux.
aarf

Joined: 30 Aug 2007
Posts: 3620
Location: around the bend

PostPosted: Wed 08 Jun 2011, 19:17    Post subject:  

@BbtS have you found any 'bad things' with your specially modified Puppy?
I haven't read the whole thread.
Scooby

Joined: 03 Mar 2012
Posts: 319

PostPosted: Wed 23 Jul 2014, 19:21    Post subject:  

rc.firewall built with default config

I tried to mod rc.firewall to pass shieldsup common ports test
But cannot stealth: 135, 139, 445

I probably could find out how via iptables directly but can it be done
via rc.firewall?


with


Code:
########################################
# -- Advanced Configuration Options -- #
########################################

# ** DO NOT ** modify anything below unless you know what you are doing!!
# See online documentation at: http://projectfiles.com/firewall/config.html

DENY_OUTBOUND=""
ALLOW_INBOUND=""
BLACKLIST=""
STATIC_INSIDE_OUTSIDE=""
PORT_FORWARDS=""
PORT_FWD_ALL="yes"
PORT_FWD_ROUTED_NETWORKS="yes"
ADDITIONAL_ROUTED_NETWORKS=""
TRUST_ROUTED_NETWORKS="yes"
SHARED_INTERNAL="yes"
FIREWALL_IP=""
TRUST_LOCAL_EXTERNAL_NETWORKS="no"
DMZ_INTERFACES=""
NAT_EXTERNAL="yes"
ADDITIONAL_NAT_INTERFACES=""
IGNORE_INTERFACES=""
LOGGING="no"
REQUIRE_EXTERNAL_CONFIG="no"

############################################
# -- Advanced Firewall Behavior Options -- #
############################################

# The default settings provide the suggested firewall configuration.

NO_RP_FILTER_INTERFACES=""
INTERNAL_DHCP="yes"
RFC_1122_COMPLIANT="no"
DROP_NEW_WITHOUT_SYN="yes"
DUMP_TCP_ON_INIT="no"
TTL_STEALTH_ROUTER="yes"
LOG_LIMIT="1/minute"
LOG_BURST="5"
LOG_LEVEL="notice"

###########################################################
# -- Nothing below this point should need modification -- #
###########################################################

# Set version information.

VERSION="2.0rc9"
Semme

Joined: 07 Aug 2011
Posts: 3970
Location: World_Hub

PostPosted: Wed 23 Jul 2014, 19:47    Post subject:  

Scoobs.. adjust these two. If no good, inspect your ISP's configuration page.

Hey, and if not there either, you could always take a look through Arno's.
Quote:
# The default settings provide the suggested firewall configuration.

NO_RP_FILTER_INTERFACES=""
INTERNAL_DHCP="yes"
RFC_1122_COMPLIANT="yes"
DROP_NEW_WITHOUT_SYN="no"
DUMP_TCP_ON_INIT="no"
TTL_STEALTH_ROUTER="no"
LOG_LIMIT="1/minute"
LOG_BURST="5"
LOG_LEVEL="notice"
[Attached image: 528_sfw.jpg]


_________________
>>>Punctuation Crash Course<<<
Scooby

Joined: 03 Mar 2012
Posts: 319

PostPosted: Thu 24 Jul 2014, 06:33    Post subject:  

with your configuration I get even worse results
see below

What do you mean check ISP?

*edit*
tried arnos with exactly the same result
135, 139, 445 closed and not stealthed?



------------------------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2014-07-24 at 10:32:08

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
13 Ports Closed
13 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 135, 139, 445, 1002, 1024, 1025,
1026, 1027, 1028, 1029, 1030,
1720, 5000

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Last edited by Scooby on Thu 24 Jul 2014, 06:58; edited 1 time in total
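
An added example, not part of the post above and not GRC's own tooling: a parser for a saved ShieldsUP text report, so that the runs taken after each rc.firewall change can be compared by port instead of by eye. GRC lists a port as CLOSED when the probe was actively refused and as STEALTH when nothing came back; the function and key names are my own.

```python
import re

# Report text from the post above, embedded so the example runs offline.
REPORT = """\
GRC Port Authority Report created on UTC: 2014-07-24 at 10:32:08

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
13 Ports Closed
13 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 135, 139, 445, 1002, 1024, 1025,
1026, 1027, 1028, 1029, 1030,
1720, 5000

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

def port_list(report, label):
    """Expand the comma/range list that follows `label`, up to the next blank line."""
    m = re.search(re.escape(label) + r"(.*?)(?:\n\s*\n|\Z)", report, re.S)
    ports = set()
    for tok in re.findall(r"\d+(?:-\d+)?", m.group(1) if m else ""):
        lo, _, hi = tok.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_report(report):
    counts = {k.lower(): int(n) for n, k in
              re.findall(r"^(\d+) Ports (Open|Closed|Stealth|Tested)$", report, re.M)}
    return {"counts": counts,
            "tested": port_list(report, "Results from scan of ports:"),
            "closed": port_list(report, "Ports found to be CLOSED were:"),
            "ping_reply": "A PING REPLY (ICMP Echo) WAS RECEIVED" in report}

def not_stealth(report, watch):
    """Ports from `watch` that the report lists as CLOSED rather than STEALTH."""
    return sorted(parse_report(report)["closed"] & set(watch))
```

Calling `not_stealth(REPORT, [135, 139, 445])` on this report returns all three ports, and `parse_report(REPORT)["ping_reply"]` shows that the host also answered ICMP echo.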
Semme

Joined: 07 Aug 2011
Posts: 3970
Location: World_Hub

PostPosted: Thu 24 Jul 2014, 06:41    Post subject:  

Worse is fine, you go back. I think the difference is in your ISP's configuration page.

For me it's http://192.168.1.1/

Don't you have some type of hw between your box and the internet?

445's Samba, no?

Not knowing what iptables might be missing, try here.

_________________
>>>Punctuation Crash Course<<<
Scooby

Joined: 03 Mar 2012
Posts: 319

PostPosted: Thu 24 Jul 2014, 07:02    Post subject:  

Semme wrote:
Worse is fine, you go back.

I like your philosophy
Semme wrote:

For me it's http://192.168.1.1/

doesn't respond
Semme wrote:

Don't you have some type of hw between your box and the internet?

Nope I have optical fiber connection straight to my wall

will try other stuff, btw with arnos I got the same result
Semme

Joined: 07 Aug 2011
Posts: 3970
Location: World_Hub

PostPosted: Thu 24 Jul 2014, 07:34    Post subject:  

How'd you know you had Arno's loaded?

Have we got Samba in the mix?

Who's your ISP?

_________________
>>>Punctuation Crash Course<<<
Scooby

Joined: 03 Mar 2012
Posts: 319

PostPosted: Thu 24 Jul 2014, 16:23    Post subject:  

I started arno's from cmd line, had to do some config to make it start.
But then shieldsup show them other ports as stealthed and without arnos
all ports came up closed so I'm pretty sure it ran

I have bredband2 - sweden

I'll check samba page but otherwise still no luck
Scooby

Joined: 03 Mar 2012
Posts: 319

PostPosted: Thu 24 Jul 2014, 17:01    Post subject:  

I guess you're right, those ports are likely blocked at the ISP level.