Shields Up reports one open port through iptables - Security

  1. Shields Up reports one open port through iptables

    My IP address is sitting directly on the Internet with no firewall
    (that I can tell) other than my iptables and I have the following rules
    in iptables:

    /sbin/iptables -F
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

    Shields Up, https://www.grc.com/x/ne.dll?bh0bkyd2, reports that my port
    1 is closed and all other ports are "stealth". I was under the
    impression that the rules above would make all ports appear "not to
    respond"/"be stealth" from any request not initiated by me/my computer.

    So, either Shields Up is reporting faulty information or I don't have
    my rules set the way I want. What do youz guyz think? What would be a
    good set of rules to be stateful and also wear the cloak of
    invisibility? Thanks.


  2. Re: Shields Up reports one open port through iptables

    On 28 Feb 2006 07:43:38 -0800, bob.python@yahoo.com wrote:

    >So, either Shields Up is reporting faulty information or I don't have


    The guy running SU is clueless.

    Grant.
    --
    Living in a land down under / Where women glow and men plunder / Can't you
    hear, can't you hear the thunder? / You better run, you better take cover!
    --Men At Work

  3. Re: Shields Up reports one open port through iptables

    bob.python@yahoo.com wrote:
    > My IP address is sitting directly on the Internet with no firewall
    > (that I can tell) other than my iptables and I have the following rules
    > in iptables:
    >
    > /sbin/iptables -F
    > /sbin/iptables -P INPUT DROP
    > /sbin/iptables -P FORWARD DROP
    > /sbin/iptables -P OUTPUT ACCEPT
    > /sbin/iptables -A INPUT -i lo -j ACCEPT
    > /sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    >
    > Shields Up, https://www.grc.com/x/ne.dll?bh0bkyd2, reports that my port
    > 1 is closed and all other ports are "stealth".


    Port *1*? That's quite odd...

    Try telnet 1 from a different machine, or using the "real"
    IP (i.e., the IP assigned, and not 127.0.0.1 or localhost -- that
    way, the packet will not come in through the loopback interface)

    See if it immediately tells you "Connection refused", or if it
    just freezes there waiting for the connection to be accepted (if
    the former, the port is closed, as Shields Up reports -- from the
    above iptables ruleset, it should freeze).

    Also check iptables -L to list the *actual* rules (maybe another
    iptables command was executed, or maybe the above is inaccurate?)

    I just had Shields Up scan my machine, and it reports it as full
    stealth (my machine has a slightly less strict ruleset than the
    above -- I accept ESTABLISHED *and* RELATED, and I also accept
    FORWARD traffic if it comes from the interface that connects to
    the internal LAN; but from the point of view of what Shields Up
    might report, my ruleset is essentially the same as the one you
    posted)

    If all checks out, you might want to write to the Shields Up guy
    and report the possible bug in their system. (you might want to
    try the scan again -- it might have been a temporary failure)

    Carlos
    --
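The refused-versus-hang check suggested in the last reply, as an added example that is not part of the thread: a single TCP connect whose outcome is mapped to the terms used above. The function names, the verdict strings and the 5-second timeout are assumptions of this example; run it from a different machine against the address you own.

```python
import errno
import socket

# Verdict names follow the wording used in the thread.
OPEN, CLOSED, STEALTH, UNKNOWN = "open", "closed", "stealth", "unknown"


def classify(err):
    """Map the outcome of one TCP connect() to a verdict.

    err is None when the connect succeeded, otherwise the exception raised.
    """
    if err is None:
        return OPEN      # handshake completed: something is listening
    if isinstance(err, (socket.timeout, TimeoutError)):
        return STEALTH   # no reply at all, e.g. the INPUT DROP policy ate the SYN
    if isinstance(err, ConnectionRefusedError):
        return CLOSED    # target answered with a refusal: telnet's "Connection refused"
    if isinstance(err, OSError) and err.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return UNKNOWN   # routing problem; says nothing about the port itself
    return UNKNOWN


def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and return the verdict for that port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    import sys
    # Usage: python3 portcheck.py <address> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} -> {probe(host, port)}")
```

A "closed" verdict for a port the ruleset should drop means the refusal did not come from that ruleset, so compare against `iptables -L` on the target as the reply suggests.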
