questions about Sunscreen

From: Philip Li (lzman@usa.net)
Date: 09/03/02


From: lzman@usa.net (Philip Li)
Date: 2 Sep 2002 19:51:45 -0700

I installed Solaris 9 with Sunscreen 3.2 on a Sun Ultra5 workstation
with only one ethernet card, then I could not access outside unless
sunscreen was shut down.

Scenario 1:
edit>list rules
1 "common" "*" "*" ALLOW LOG DETAIL

There are no responses and no logs when I ping outside from the local
machine and when I ping the local machine from outside.

Scenario 2:
edit>list rules
1 "common" "*" "localhost" ALLOW LOG DETAIL
There are responses when I ping the local machine from outside and the
activities are logged.

Scenario 3:
1 "common" "localhost" "*" ALLOW LOG DETAIL
2 "common" "mymachinename_hme0" "*" ALLOW LOG DETAIL
3 "common" "*" "*" ALLOW LOG DETAIL
4 * * * DENY LOG DETAIL

There are no responses and no logs when I ping outside from the local
machine. Basically I tried everything and I was not able to access
outside, but I could access the local machine from outside in Scenario
2.

I listed some addresses:
edit>list address *
"*" RANGE 0.0.0.0-255.255.255.255
edit>list address localhost
"localhost" {} {}
edit>list address mymachinename_hme0
"mymachinename_hme0" {*} {}

The common service group does include ping and other services.

When I configured Sunscreen using "ssadm configure", I selected the
stealth mode. According to the guides at docs.sun.com, the sunscreen
security level is restrictive by default when the stealth mode is
chosen. But there is no rule (actually all denied) in the initial
policy.

Any hints? How can I go back to the permissive mode? Thanks.

Phil


