"stealth" and "closed" a shown on grc / port 5001

From: andrei (dreico@wanadoo.fr)
Date: 05/30/02 

From: "andrei" <dreico@wanadoo.fr>
Date: Thu, 30 May 2002 23:58:07 +0200

I use firestarter on a linux machine which hooks up
to the internet via pppd on an adsl link, and I have a win98
laptop as a samba / login client into this, which can
also surf the net using firestarters port forwarding / DNS, etc.

When I finally got the whole thing set up right the first time (a year ago
or so) and went
to www.grc.com to get a security "check-up", all the ports
grc scanned came up very nicely as "stealth". Now however,
I'm not sure what I did (maybe manually messed around with
some of the firestarters/IP-tables type rules at some stage),
but grc now shows all ports as "closed", except for the netbios (137 or
139 ? ... I forget) port that samba affects ... which it shows as "open" !
although no information is available through it. if however, smbd is killed,
137 shows up as "closed", along with everything else.

It may seem safe enough, but my question is: is there any way to get the
clean "stealth bill of health" back again on grc's "test your shields" ?
Perhaps flushing all iptables rules and restarting firestarter ? How do
you do that ?

<added fact which may or may not be of interest: i could achieve
total "stealth" when the rh-linux version was 7 (or 7.1 i can't remember),
whilst i am now on 7.2, wherein all ports show up as "closed">

Also, could anyone advise me on this: assuming I wish to continue
using firestarter on the linux router/gateway to the internet, how can
I open port 5001 on this machine in order to be able to use yahoo
messenger with a webcam on the client win98 machine ?

is this another case of combining iptables and firestarter in some
fashion ? because frankly, i don't see any way of opening port
5001 using firestarter ! Otherwise, I have no complaints:
Firestarter successfully forwards absolutely ALL packets
to the win98 client (icq, yahoo messenger, email, ftp, etc) - all
I need to be able to do now is use a webcam !

thanks for any tips.

Andrei

Relevant Pages

  • "stealth" and "closed" a shown on grc / port 5001
    ... to the internet via pppd on an adsl link, and I have a win98 ... Perhaps flushing all iptables rules and restarting firestarter? ... using firestarter on the linux router/gateway to the internet, ... I open port 5001 on this machine in order to be able to use yahoo ...
    (comp.os.linux.security)
  • Securing Ubuntu Linux (was: Re: sudo without password)
    ... when you first try to open a port. ... The way I've seen Windows Firewall ... Firestarter already allows this to be done. ... you work on your computer when you want to turn your brain on" -- ...
    (Ubuntu)
  • Many hits registerd by firestarer
    ... Observing the firestarter logs on Debian I notice that many of the ... Backdoor-G or Sub-7 TCP on port 27374; ...
    (comp.security.firewalls)
  • Re: Am I infected with Back Orifice 2K?
    ... > I've configured with the GUI program Firestarter. ... > now, some ports are open to exchange files via bittorrent, ... Firestarter is just reporting traffic on port 54321. ...
    (comp.os.linux.security)
  • Re: DHCP appears not to be working
    ... >Did the firestarter open the dhcp ports? ... I think it broadcasts on port 68 ... When I ran the firestarter wizard, I added DHCP to the list of stuff I run. ...
    (RedHat)