October 14, 2008 at 3:48 pm #41229
I don’t know if any of you have had a port scan done or not, but I fail big time doing an online port scan, either by GRC.com or any other port scan site. Most all ports are “closed” as opposed to stealth on a DEFAULT install of Zeroshell. Is there some trick to get Zeroshell to come up stealth on port scans?
Here is a direct link to Gibson Research port scan:
Jazzie
October 14, 2008 at 9:27 pm #47012
From a shell prompt on your Zeroshell device, can you run this command?
# iptables -L -n
If you have any IP addresses you might want to obfuscate them.
October 15, 2008 at 12:09 am #47013
I went back to Astaro for the time being. After playing with Zeroshell some more, I could see that it has potential, but it also has drawbacks. No matter how I configure it, you cannot get stealth ports like on any other distro.
Jazzie
October 15, 2008 at 4:36 am #47014
The term “stealth ports” does not exist. You can drop traffic to ports via a -j DROP rule. If the ports were stealth then no one could connect to them. There are other tricks you can use, like a rule like this to cause a no route to host message:
-A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Now Steve Gibson, i.e. Gibson Research, is not a very good resource. You might want to read a book on iptables and/or read the documentation. Astaro is a good product but also requires lots of CPU horsepower. ZeroShell works well on systems with lots of horsepower but also works well on embedded systems. The drawbacks you speak of may be a limitation of yourself vs ZeroShell.
October 16, 2008 at 1:30 am #47015
That is a bs comment. I believe any firewall these days should guard your network right out of the box! If after you start playing with it and you open up certain things then that is one thing. But to state that because I don’t tweak iptables it is my fault is just wrong. I bet you that most all users that are currently using Zeroshell have open or closed ports! Which is not a good thing. The stealth I was referring to was meaning the effect of a port scan. Not having “stealth ports”. Astaro runs great on my old Presario! I am not running a 256 or a Pentium 60! Zeroshell does have potential, but if I have to go through a process of locking down iptables and Kerberos then I may as well just stay where I am at. Nobody likes to go backwards in time!!!
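To make the closed / stealth / rejected distinction argued over in this thread concrete, here is an added example (not code from any poster or from Zeroshell) that evaluates the INPUT rules quoted earlier for an unsolicited TCP SYN and reports what an outside scan of your own firewall would show. The DROP variant, the ACCEPT chain policy, and the function names are assumptions made for illustration.

```python
import shlex

# Ruleset copied from the reply earlier in the thread.
RULES_REJECT = """\
-A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Constructed variant: same rules, but the catch-all silently drops.
RULES_DROP = RULES_REJECT.replace(
    "-j REJECT --reject-with icmp-host-prohibited", "-j DROP")

def parse(rules):
    """Turn each '-A INPUT ...' line into a dict of option -> value."""
    parsed = []
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-A", "INPUT"]:
            parsed.append(dict(zip(tok[2::2], tok[3::2])))
    return parsed

def verdict_for_syn(rules, dport, policy="ACCEPT"):
    """First-match verdict for a new inbound TCP SYN to dport.
    policy is the chain policy used if no rule matches (assumed ACCEPT)."""
    for r in parse(rules):
        if r.get("-p", "tcp") != "tcp":
            continue  # rule only covers another protocol
        if "--state" in r and "NEW" not in r["--state"].split(","):
            continue  # an unsolicited SYN is in state NEW
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        return r["-j"], r.get("--reject-with")
    return policy, None

def scanner_view(rules, dport, listening):
    """What an external port scan reports for this port."""
    target, reject_with = verdict_for_syn(rules, dport)
    if target == "DROP":
        return "stealth"  # no reply at all; the probe times out
    if target == "REJECT":
        return "rejected:" + (reject_with or "icmp-port-unreachable")
    # ACCEPT: the TCP stack answers, SYN/ACK if a daemon listens, RST if not
    return "open" if listening else "closed"

if __name__ == "__main__":
    for name, rules in (("REJECT", RULES_REJECT), ("DROP", RULES_DROP)):
        print(name, "port 22:", scanner_view(rules, 22, True),
              "| port 80:", scanner_view(rules, 80, False))
```

A "closed" result means the packet was accepted by the filter and the kernel answered with a RST because nothing was listening; only a DROP target yields the no-reply behaviour that scan sites label stealth.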