Re: How to prevent system from replying to Ping (ICMP Echo) requests?

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/29/04

Date: Wed, 29 Sep 2004 13:37:13 -0500
In article <pan.2004.09.29.12.28.01.482538@mail.com>, Agustin wrote:
>Hmm, yes... But I'm in fact running Debian Linux.

That's fine. The firewall is built into the kernel, and there are literally
dozens of programs (such as 'firestarter') that will help you configure
the firewall rules. Or, you could simply run the firewall yourself - it's
not that big of a deal.

        278012 Jul 23 2002 Security-Quickstart-HOWTO

covers both IPCHAINS and iptables. See section 5.2.2 for a simple
script to run iptables (the explanations are fairly detailed and complete).
If you've never done shell scripting before (that's all this is), you can
start with

         31540 Jul 27 2000 Bash-Prog-Intro-HOWTO

and two very good books from the Linux Documentation project. (See
http://tldp.org/guides.html - and grab the 'Bash-Beginners-Guide' and the
'abs-guide' which is the Advanced Bash Scripting Guide.)

>I do see the logic in not making one's system dead to the world so as not
>to attract the attention of hackers,

or rejecting all unwanted crap - a 'drop' may not be as good as a 'reject' in
all cases.

>but how would they know?

How would they know what? That you exist? THEY DON'T CARE!!! They are
not looking at specific hostnames - unless you've managed to piss someone
off, or done something stupid to attract the attention of the authorities.
They are scanning IP addresses in a script with 'for/to' loops. That's
covered in those books above. The more intelligent scripts even look for
a _lack_ of response (a drop rule in the firewall, rather than reject),
because that almost always indicates that there is something there whose
owner has stuck his head in the sand - so that you can't see them. That
often indicates that further probing may find something interesting.

How would they know what O/S you are running? O/S fingerprinting isn't
all that exotic either. Sarge should have 'nmap' - and that program has
some very good documentation.

How would they know that the "Host Unreachable" ICMP error comes from some
windoze wankers toy firewall instead of the ISP? Fingerprinting is the
dead giveaway, but there are others that require a bit more thought in
pattern recognition.

        Old guy
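The drop-versus-reject choice the post argues about, written up as the kind of small iptables script the Security-Quickstart-HOWTO route leads to. This is an added example, not code from the original thread or from that HOWTO; it assumes iptables lives at /sbin/iptables and that the kernel has the netfilter state, limit and LOG modules.

```shell
#!/bin/sh
# Added example, not part of the original post: the two ways of handling
# inbound ICMP echo-request that the thread argues about, written as the
# kind of small iptables script a "run the firewall yourself" setup uses.
#
#   MODE=drop    silently discard the probe (the "no response" that the
#                post says smarter scanners read as "someone is home")
#   MODE=reject  answer with an ICMP host-unreachable error instead
#
# Rules are printed by default; set APPLY=1 and run as root to install
# them.  IPT is the iptables path (assumed /sbin/iptables).

IPT=${IPT:-/sbin/iptables}

# Print (and with APPLY=1 install) the echo-request rules for MODE.
icmp_echo_rules() {
    mode=$1
    case "$mode" in
        drop)   target='-j DROP' ;;
        reject) target='-j REJECT --reject-with icmp-host-unreachable' ;;
        *)      echo "usage: icmp_echo_rules drop|reject" >&2; return 2 ;;
    esac
    # Keep replies to pings this host sends, log a rate-limited sample of
    # unsolicited probes, then drop or reject the probe itself.
    set -- \
      "$IPT -A INPUT -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT" \
      "$IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 3/min -j LOG --log-prefix 'ping-$mode: '" \
      "$IPT -A INPUT -p icmp --icmp-type echo-request $target"
    for rule in "$@"; do
        echo "$rule"
        if [ -n "$APPLY" ]; then eval "$rule"; fi
    done
}

# Kernel-only alternative (no firewall rule at all): tell the IPv4 stack to
# ignore every echo-request.  On the wire this looks like the drop case.
kernel_ignore_ping() {
    cmd='sysctl -w net.ipv4.icmp_echo_ignore_all=1'
    echo "$cmd"
    if [ -n "$APPLY" ]; then $cmd; fi
}

# Stand-alone usage: ./ping-rules.sh drop   or   APPLY=1 ./ping-rules.sh reject
case "${1:-}" in
    drop|reject) icmp_echo_rules "$1" ;;
esac
```

Run it without APPLY first and read the printed rules; the reject variant is what produces the "Host Unreachable" error the post mentions, the drop variant produces nothing at all.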