Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Before you bother going in depth with Sendmail, I'd remove all traces of it and install a replacement, such as Postfix or Qmail
hihi...
I already made peace with postfix...and don't plan to use sendmail on my public server ^^
but I'm getting bored and need to learn something =P
one who never set up sendmail can't call himself an admin...
one who sets it up twice is an...
hehe
Originally posted by techchiq
STEP 3: Masking Reverse DNS lookup
Wherever you go on the internet, your machine name (or rather your ISP's machine name which looks like a URL path of some kind) is given out. Clever people could use that to personally identify you, I think the GRC.com site says. By not allowing your system to give this away, you further can protect your privacy. To do this, type at the shell prompt:
# echo "1" > /proc/sys/net/ipv4/ip_forward
What does enabling IP forwarding have to do with masking reverse DNS?
I've been working on my own (personal) firewall, but I'd have a question about the "STEP2: Stopping pings" (in the first post): if I disable answering to pings, how does it affect a dialup connection? Let's take irc, for example: if I use irc, the server pings my client continuously (I think it's because some clients "die" for a reason or another, and keeping "dead" nicknames is not sensible so if a client won't answer to a ping, the nick (connection?) is removed as dead).
Now if I disable ping-stuff and go irc'ing, will this step cause my client to die immediately after a certain (short) period of time, if the server can't catch my ping reply? This isn't good, because that would mean that either I can't be on irc or then I'll have to restart it every two minutes when it dies...
And if there are other services like irc which use ping to determine if a client is there, will they too "throw me out" just because of a non-answered ping? And is there a way to accept ping'ing from a certain server, but at the same time be stealthed to others? How is this done?
Please clear my thoughts.... I'm not a professional on these things, just learning, so I'd appreciate a "pro" (OR _anyone_ who knows something!) telling me how this thing goes?
I'm using an iptables-based firewall, if you need to know.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
In the case of IRC, I think it uses something called a CTCP PING, which to my knowledge does not use ICMP like the "normal" ping. The ping utility that comes with most major operating systems uses ICMP echo requests and listens for a response. If you block ICMP, you will just disable responding to ICMP echos (as well as some other features of ICMP, such as MTU discovery).
I'm fairly certain that IRC's PINGs are built into the IRC protocol that runs on the TCP transport.
ok, thanks for information.. I'd still like to know if there are any "serious" problems after disabling the answering to ICMP echo request, in other words, do some services need it in order to work?
btw. after checking out, you were right about the irc's "own" ping-system.. I just didn't think about it as I haven't been studying these things so deeply inside irc..just the word "ping" caught my eye..
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Some things rely on ICMP, since it's quite literally Internet Control Message Protocol. Things like path MTU discovery rely on ICMP, and it's also used for things like source quench request, etc... I'd do some Googling for: +icmp +uses, or +icmp +functions, etc...
umm ... i am interested in 1 thing ... to make my server truly stealth to out scanners such as nmap ... or nikto or nsat .... i upgraded all services but the firewall thing is killing me ... can u show me a working iptables firewall that really makes you stealth but still does not block you ??
I haven't solved this one...the grc tests show my machine completely stealth (that's not hard to do), but using nmap's port scan it tells me I've got closed ports - they are still visible.
Hopefully some advanced iptables person can help..I'm just a beginner, as I said, and many things still give me a headache here
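The setup asked about in the posts above (answer ping from one server only, keep the ICMP that path MTU discovery needs, and give scanners no reply at all), written out as an added example that is not part of the thread. The function names `valid_ipv4` and `emit_rules` are hypothetical, `192.0.2.10` is a documentation-range placeholder for the trusted host, and the rules assume the conntrack match is available.

```shell
#!/bin/sh
# Added example (not from the thread). The trusted host is an assumption;
# 192.0.2.10 in the usage line is a documentation address, not a real server.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore ruleset that answers ping from one host only.
emit_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Traffic on connections we opened (IRC's in-band PING arrives over its TCP
# session) plus ICMP errors tied to them, as path MTU discovery requires.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
# ICMP echo requests are answered for the trusted host only.
-A INPUT -s $1 -p icmp --icmp-type echo-request -j ACCEPT
# Everything else hits the DROP policy: no echo reply and no TCP RST.
COMMIT
EOF
}

# Usage (as root); --test parses the rules without committing them:
#   emit_rules 192.0.2.10 | iptables-restore --test
```

With a DROP policy an unsolicited TCP probe gets no answer, which nmap reports as "filtered"; a port shows as "closed" when the probe is answered with a TCP RST, which happens when the packet is allowed through to a port with no listener or is rejected with a reset.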