| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 39457 | 2003-11-07 01:23:00 | Anyone using IPCop? | rmcb (164) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 189890 | 2003-11-07 01:23:00 | Have been using this for a week or so now. Works great, a cheap and secure way to share your internet connection. http://www.ipcop.org |
rmcb (164) | ||
| 189891 | 2003-11-07 01:38:00 | I just set one up here at work last week. Also have a couple of clients that are using it too. Does a great job. REMEMBER to keep it up-to-date! Great for using those old PC's instead of dumping them! |
CYaBro (73) | ||
| 189892 | 2003-11-07 02:02:00 | I use smoothwall, which is what ipcop is based on. I tried ipcop (2.4 kernel) but it was slower than SW1.0 (2.2) on my old 486. Otherwise I couldn't spot any real differences. |
bmason (508) | ||
| 189893 | 2003-11-07 05:04:00 | Like Brett, I have used Smoothwall (http://www.smoothwall.org) and found it to be fairly good. I have also played around with IPCop. The main concerns I had with both distro's was that their default configuration is to reply to "pings" and they show an awful lot of filtered ports when scanned externally by some port scanners. Checking them via the Gibson site shows them as stealthed, but they aren't really :) Apart from those niggles, they don't seem to be to bad. :D |
Gorela (901) | ||
| 189894 | 2003-11-08 06:44:00 | "The main concerns I had with both distro's was that their default configuration is to reply to "pings" and they show an awful lot of filtered ports when scanned externally by some port scanners. Checking them via the Gibson site shows them as stealthed, but they aren't really " a copy and paste from the smoothwall documentation (forgive formatting): General Q. Help, I have just downloaded and run Leaktest from grc.com and my Smoothie has failed. A. Calm down, think logically and look at what Leaktest does. Leaktest is a classic FUD spreader, first of all read what the Leaktest web page actually says. ‘LeakTest pretends to be an FTP client application which attempts to connect to port 21 (FTP) of one of our servers within the grc.com domain.’ 2001 by Gibson Research Corporation Well knock me down with a feather, SmoothWall actually allowed a computer on the Green network running an FTP client to connect to an FTP server on the Internet. If it had not, you would probably be reading this document to find out why you could not connect to FTP servers through Smoothwall. If you are really worried about Viruses, Worms, Trojans etc. Then you should do the following: 1. Invest in a decent Anti-virus software package and keep it up to date. 2. Monitor your application suppliers for security bulletins and install patches and fixes as soon as they are released. 3. Take and retain regular backups of critical applications and data that are stored on your machines. 4. Have a strict policy about opening e-mails with attachments, and information on portable media from any source. You should be doing all the above anyway. If you are still paranoid, then the simplest answer is not to your private network to the outside world or to accept any software unless guaranteed virus free by the manufacturer. Failing that get rid of all your computers and go back to pen and ink. Q. Is SmoothWall 100% watertight? Is it true it's unhackable? A. We try to make SmoothWall as watertight as possible. You should never assume that ANY firewall is 100% hack proof. To date we don't believe that SmoothWall has been hacked. Q. I used one of those internet firewall testing sites. It said that my ICMP port was open. Is this a problem? A. While some people would like to close that port as well, ICMP (Ping) was consciously left open to allow you to run diagnostics on your firewall. All a hacker can get from a ping is that your machine exists and is alive. Having this port open is not a security hole. Q. Is it safe to allow external automated sites to scan my network / firewall? A. No it isnt. This is the easiest way for an attacker to harvest IP addresses with the owner’s consent. Once they have the IP they will often send back bogus reports and have a nice database of insecure boxes to play with There are many tools available that will allow you to test your own set-up. Q. I did a nmap port scan of my SmoothWall and found that 1025 is open. Help? A. Port 1025 on Smoothie is dnrd, the dns proxy / cache. This port is needed to receive DNS info from external DNS servers. You cannot block this without killing DNS proxy functionality. dnrd runs as non root and is chroot in an empty directory. Q. Why is Smoothie showing my ports are open? For example, a remote UDP scan from http://scan.sygatetech.com showed that I have ports 137 (NetBIOS-NS), 138 (NetBIOS-DGM), and 139 (NetBIOS) open. Are the scans from this site accurate? How do I turn off these ports? A. Some users of cable modems may find that they have those netbois ports "open". They appear almost as if the cable company / manufacturer has set up a "honey pot" on those ports from the outside. This may vary with different manufacturers or suppliers. |
whetu (237) | ||
| 189895 | 2003-11-08 12:44:00 | Thanks for the Smoothwall info Whetu :) All scans I do are against firewalls I have set-up internally. You might remember that I like playing with firewalls :) My concern about IPCop and Smoothwall is as I mentioned that almost ALL the interesting ports show up as filtered with certain scans. As you know this means that it is more than sufficient to determine the OS. |
Gorela (901) | ||
| 1 | |||||