Security problems

mgossen
2004-10-14
2013-03-05
  • mgossen

    mgossen - 2004-10-14

    I ran some online firewalltest scripts and discovered two problems in my firewall.

    1. The outside world can resolve my internal IPaddress, which I NAT.

    2. TCP ports are in stealth mode, but the firewall replies error messages to UDP port probes.
    And I only use the DROP condition, never the REJECT.

    Thanks in advance,

    Mischa

     
    • Vadim Kurland

      Vadim Kurland - 2004-10-14

      how exactly does outside world resolve your internal address?

      the firewall does not send any packet back to the originator if your rules use action Drop. Depending on how do you run your tests and what scirpts are used, you may see an error message indicating that the script did not get an answer (timed out). This is typically the case for UDP protocols because generally there is no way to distinguish between blocked UDP port and a service that listens on UDP port but does not answer because port scan probe was not recognized as a proper protocol message. Hence most scanners report unanswering UDP ports as open.  You need to consult with script manuals.

       
    • mgossen

      mgossen - 2004-10-14

      I used the tool on the website: http://www.auditmypc.com/

      It came up with the following message:

      Notice!, your natted (or real) IP address is "%MY_INTERNAL_IP%".   This information can be used to track your activities.   I should not be able to obtain this information if your security is properly configured!

      When I test my TCP/UDP ports at the website: http://www.dslreports.com/scan I get the following results:

      TCP ALL : FILTERED
      No response packet was received.

      UDP ALL : CLOSED
      We received a response packet that no service is available.

      But since I only use 'DROP' package, it should be no problem.

       
    • Vadim Kurland

      Vadim Kurland - 2004-10-14

      your internal address is revealed by your browser.

      you can always check what is really sent back, if anything, using tcpdump on the firewall machine.

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks