You are not logged in.

#1 2008-02-13 19:56:33

ilikepudding
Member
Registered: 2008-02-11
Posts: 16

Is there any need to firewall Arch?

Ubuntu advertises as having most of its ports closed to attacks by default.

How is this set up in Arch? Do I need to install a firewall?

Thanks.

Offline

#2 2008-02-13 21:14:15

chimeric
Member
From: Munich, Germany
Registered: 2007-10-07
Posts: 254
Website

Re: Is there any need to firewall Arch?

IMHO that depends on a couple of things like what services do you have running that accept connections or if you're sitting behind a router that runs a stateful firewall already and so forth.

Also, in Ubuntu terms "by default" means something completely different compared to Arch. A new Ubuntu install probably has (I guess) a lot more services running than a newly installed Arch system and therefore needs some extra security right from the start.

Last edited by chimeric (2008-02-13 21:14:45)

Offline

#3 2008-02-13 21:46:52

lilsirecho
Veteran
Registered: 2003-10-24
Posts: 5,000

Re: Is there any need to firewall Arch?

Root operation for all linux...no problems in any linux since 2001.


Prediction...This year will be a very odd year!
Hard work does not kill people but why risk it: Charlie Mccarthy
A man is not complete until he is married..then..he is finished.
When ALL is lost, what can be found? Even bytes get lonely for a little bit!     X-ray confirms Iam spineless!

Offline

#4 2008-02-13 21:56:47

Sigi
Member
From: Thurgau, Switzerland
Registered: 2005-09-22
Posts: 1,131

Re: Is there any need to firewall Arch?

lilsirecho wrote:

Root operation for all linux...no problems in any linux since 2001.

Well that's another story... I wouldn't recommend this to a new user of any Linux distro.

edit: quoted

Last edited by Sigi (2008-02-13 21:57:18)


Haven't been here in a while. Still rocking Arch. smile

Offline

#5 2008-02-13 22:00:20

toofishes
Developer
From: Chicago, IL
Registered: 2006-06-06
Posts: 602
Website

Re: Is there any need to firewall Arch?

lilsirecho wrote:

Root operation for all linux...no problems in any linux since 2001.

What is your hostname and IP addresss? Just curious, obviously I'd never do anything to your machine...

Seriously dude, not sure why you are proud of this. Talk about being not only easier to hack by others, but also a whole lot damn easier to shoot yourself in the foot.

Offline

#6 2008-02-13 23:42:11

japetto
Member
From: Chicago, IL US
Registered: 2006-07-02
Posts: 183

Re: Is there any need to firewall Arch?

Root operation for all linux...no problems in any linux since 2001.

Is it 4/01 already?

*scratches head*

Offline

#7 2008-02-14 00:00:21

japetto
Member
From: Chicago, IL US
Registered: 2006-07-02
Posts: 183

Re: Is there any need to firewall Arch?

And to the OP:  It depends on your setup.  If you are behind a router w/NAT you already have a basic firewall, or layer of protection.  If you are connecting to the internet with a public IP, it comes down to what daemons are running and accessible via a TCP/IP port, which firewalling would be recommended.

Offline

#8 2008-02-14 00:44:13

dabski
Member
Registered: 2008-02-07
Posts: 101
Website

Re: Is there any need to firewall Arch?

I don't use one myself though I am behind a NAT. Go to Shields UP to test which ports are open/closed/sheathed.
https://www.grc.com/x/ne.dll?bh0bkyd2

Last edited by dabski (2008-02-14 00:46:01)

Offline

#9 2008-02-14 02:52:25

ilikepudding
Member
Registered: 2008-02-11
Posts: 16

Re: Is there any need to firewall Arch?

Thanks, Shields UP reported all stealthed ports, so no need to install a firewall I guess.

Thanks for the help.

Offline

#10 2008-02-14 03:37:43

Misfit138
Misfit Emeritus
From: USA
Registered: 2006-11-27
Posts: 4,189

Re: Is there any need to firewall Arch?

ilikepudding wrote:

Thanks, Shields UP reported all stealthed ports, so no need to install a firewall I guess.

Thanks for the help.

Same here, my Arch machines all got perfect status:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

This is with the Firewall in my modem turned completely off- no hardware firewall whatsoever.
Arch rocks. cool

Offline

#11 2008-02-14 03:39:39

tigrmesh
IRC Op
From: Florida, US
Registered: 2007-12-11
Posts: 794

Re: Is there any need to firewall Arch?

I found this article interesting:  http://www.linux.com/feature/124994.

Offline

#12 2008-02-18 06:52:56

piotr
Member
Registered: 2008-01-26
Posts: 58

Re: Is there any need to firewall Arch?

I have also tested my computer with Shields UP, but it failed when comes to ping. Is there then any need to install firewalls or I should do some tweaking within the system itself?

Offline

#13 2008-02-18 10:11:16

leo2501
Member
From: Buenos Aires, Argentina
Registered: 2007-07-07
Posts: 658

Re: Is there any need to firewall Arch?

Misfit138 how you achieved that status? are you using a software firewall or what? cause i run the test and failed at the ping test and so the Solicited TCP Packets test show lot of closed ports instead of stealth... is such a guide in the wiki to achieve that? tongue


Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
-- Antoine de Saint-Exupery

Offline

#14 2008-02-18 10:22:41

zyghom
Member
From: Poland/currently Africa
Registered: 2006-05-11
Posts: 432
Website

Re: Is there any need to firewall Arch?

firestarter - I'm using it for years now
excellent and simple to use


Zygfryd Homonto

Offline

#15 2008-02-18 11:23:43

ST.x
Member
From: Sydney, Australia
Registered: 2008-01-25
Posts: 363
Website

Re: Is there any need to firewall Arch?

yep mine also fails on with:
"Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."

Offline

#16 2008-02-18 11:46:00

ibendiben
Member
Registered: 2007-10-10
Posts: 519

Re: Is there any need to firewall Arch?

I wonder what is the most common way people get hacked. Just ran those tests on Shields UP! and received outstanding reports, and that is sitting behind my Windows computer (behind a router, but that's it):

Filesharing:
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Common Ports
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

All Service Ports:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Messenger Spam:
No mail reveived.

What would I have to do to enable a hacker to enter my system? Or what does this Shield UP site forget to check, what a hacker could attempt to do, to still break into my system?

Last edited by ibendiben (2008-02-18 11:46:41)

Offline

#17 2008-02-18 11:52:32

FeatherMonkey
Member
Registered: 2007-02-26
Posts: 313

Re: Is there any need to firewall Arch?

Found this on another forum.

The truth is that worms simply go ahead and have a go to see what services they can poke into on any IP address at random without bothering to check if there is anything there. Think there's some truth there.

The above snippet was then followed by...
And the greater risk these days, if you are not offering services, is from vulnerabilities in browsers and mail readers, which is really pull vulnerability rather than push.

What I did find interesting was

netstat -atn | grep LISTEN
tcp        0      0 0.0.0.0:835             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8118          0.0.0.0:*               LISTEN
tcp        0      0 :::6000                 :::*                    LISTEN

Now I know what most are but 835 so does anyone have an idea what maybe listening on 835?
Also with the X tcp listen do I need to be concerned, if so what is the best way of securing?

xhost
access control enabled, only authorized clients can connect
LOCAL:

Orig Source http://www.suseforums.net/index.php?showtopic=46072&hl=

Last edited by FeatherMonkey (2008-02-18 12:05:10)

Offline

#18 2008-02-18 21:04:15

remote
Member
Registered: 2007-12-28
Posts: 44

Re: Is there any need to firewall Arch?

pacman -S lsof
lsof -i -P
Now you know what file/s are using 835

Offline

#19 2008-02-18 21:19:03

Romashka
Forum Fellow
Registered: 2005-12-07
Posts: 1,054

Re: Is there any need to firewall Arch?

The simplest firewall is in /etc/iptables/simple_firewall.rules (iptables package) tongue


to live is to die

Offline

#20 2008-02-18 21:53:28

xd-0
Member
From: Sweden
Registered: 2007-11-02
Posts: 327
Website

Re: Is there any need to firewall Arch?

Ping-reply is most of the time nothing to worry about. It only shows that your computer is there.
And it's probably your router that is replying, not your computer.

Offline

#21 2008-02-18 23:36:05

moljac024
Member
From: Serbia
Registered: 2008-01-29
Posts: 2,676

Re: Is there any need to firewall Arch?

Misfit138 wrote:
ilikepudding wrote:

Thanks, Shields UP reported all stealthed ports, so no need to install a firewall I guess.

Thanks for the help.

Same here, my Arch machines all got perfect status:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

This is with the Firewall in my modem turned completely off- no hardware firewall whatsoever.
Arch rocks. cool

I got the same result from my PC running Windows XP + Comodo Firewall.

Arch linux, however, doesn't pass the ping reply tests.


The day Microsoft makes a product that doesn't suck, is the day they make a vacuum cleaner.
--------------------------------------------------------------------------------------------------------------
But if they tell you that I've lost my mind, maybe it's not gone just a little hard to find...

Offline

#22 2008-02-19 01:06:46

Pudge
Arch Linux f@h Team Member
Registered: 2006-01-23
Posts: 300

Re: Is there any need to firewall Arch?

zyghom wrote:

firestarter - I'm using it for years now
excellent and simple to use

Same here.  I have firestarter on all my Arch Linux computers and have a True Stealth rating on all of them.

For me, eliminating the ping responses was a two step process.  First on my D-Link router I had to enable the Block WAN Ping setting as such:

Block WAN Ping

When you "Block WAN Ping", you are causing the public WAN IP address on the DI-604 to not respond to ping commands.
Pinging public WAN IP addresses is a common method used by hackers to test whether your WAN IP address is valid.

Discard PING from WAN side       O Enabled         O Disabled

This stopped the router from responding from pings.

Then in Firestarter, I had to enable ICMP filtering and this stopped the computer from responding to pings.

Pudge

Offline

#23 2008-02-19 08:48:48

lman
Member
From: CZ
Registered: 2007-12-18
Posts: 255

Re: Is there any need to firewall Arch?

Hi,

I set up my firewall the way described in wiki to block ping requests (http://wiki.archlinux.org/index.php/Sim … wall_HOWTO). But I still can ping my computer from other computers...
/etc/iptables/iptables.rules:
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i wlan0 -p icmp -m icmp --icmp-type 8 -j DROP

/etc/sysctl.conf:
#block ping requests
net.ipv4.icmp_echo_ingore_all = 1

Any idea why isn't it working?

Offline

#24 2008-02-19 16:19:36

ST.x
Member
From: Sydney, Australia
Registered: 2008-01-25
Posts: 363
Website

Re: Is there any need to firewall Arch?

Pudge wrote:
zyghom wrote:

firestarter - I'm using it for years now
excellent and simple to use

Same here.  I have firestarter on all my Arch Linux computers and have a True Stealth rating on all of them.

For me, eliminating the ping responses was a two step process.  First on my D-Link router I had to enable the Block WAN Ping setting as such:

Block WAN Ping

When you "Block WAN Ping", you are causing the public WAN IP address on the DI-604 to not respond to ping commands.
Pinging public WAN IP addresses is a common method used by hackers to test whether your WAN IP address is valid.

Discard PING from WAN side       O Enabled         O Disabled

This stopped the router from responding from pings.

Thanks, I just had to enable that on my router settings and i get a full stealth rating.

Offline

#25 2008-02-19 17:25:50

eldarion
Member
From: Santarém - Portugal
Registered: 2006-08-01
Posts: 71

Re: Is there any need to firewall Arch?

I use KMyFirewall, and i must say that it's the simplest GUI for iptables that i have used. As for Shields UP! test, i have all my ports stealth, but got the Ping Reply test failed. That's not a big deal, because you can easily disable ping reply on KMyFirewall if you want (ICMP Options->Reply to echo-requests). I have it enabled because some programs use it to test if your system is alive or got disconnected (probably irc, some online games, file sharing programs, etc..)

Last edited by eldarion (2008-02-19 17:27:32)

Offline

Board footer

Powered by FluxBB