Security? Firewall?



knoppixbill
12-23-2003, 03:30 AM
Hi everyone :)
I am new to Linux and I am trying to learn all I can in order to make the switch to Linux (eventually). My main priority at the moment is security. I have not been able to find a firewall anywhere. I am using Knoppix 3.2; I have it installed on the hard drive. Can anyone tell me how to access the firewall? Or do I need to install something? I can tell that currently I have no protection. Using Ksim and Kppp details I see lots of activity going back and forth, even when I am just sitting there with no browser or mail or anything open. But I don't know how to stop it. Anybody have any recommendations? My thanks to the group.
Best Regards,
KnoppixBill

Stephen
12-23-2003, 04:50 AM

You can try Firestarter (http://firestarter.sourceforge.net/), Bastille Linux (http://www.bastille-linux.org/) or, what I use, Arno's Iptables (http://rocky.molphys.leidenuniv.nl/). The first two you can use apt-get install to get them installed on the machine; the Arno script is really a firewall/internet connection sharing script. And, almost forgot, Guarddog (http://www.simonzone.com/software/guarddog/) is also available via apt-get. If you want to check your connection, then go to Gibson Research Corporation (http://www.grc.com) and use their ShieldsUp port scanning utility to see the status of your ports.

knoppixbill
12-26-2003, 09:16 AM
Hi Stephen, thanks for your reply. I have since installed Firestarter and ran a scan at GRC. All ports are now in stealth mode. I have just one problem: I failed with the Ping Reply, which of course means that my computer is answering pings, which means I am still vulnerable. Or at least I can be found. I have tried many settings in Firestarter and can't seem to find the option to shut off my answer to pings. Can anyone help?
Thanks and Best Regards
KnoppixBill

Cuddles
12-26-2003, 02:17 PM
KnoppixBill,

You've gotten farther than I have.

I also read this thread, and as soon as I got internet access, and a HD install, I went with Firestarter also.

I don't know anything about this, I used to use [don't know the name] in Win98, and it was a lot easier, I just told it "lock-down" or something.

I can get Firestarter to run, but only in the root account - sometimes it reports something and crashes. But, I did resolve this issue, and after learning why, when I go to a web site, like this, Mozilla would just sit and say "connecting to xxxxxxxx" - I realized I needed to add the site into my Trusted Site rules.

Hmmmmm, here is just a dumb thought, shoot me if I am wrong, but when I went to the Firestarter site to read about it, before I did an apt-get -=- I thought there was some form of "communication" to either the author, or the site? Can this be a possible avenue of answers?

Just some thoughts,
Cuddles

knoppixbill
12-27-2003, 05:23 AM
Hi Cuddles, I did look around in their online manual and have found nothing. I do see a "contact us" link on their homepage. If nobody else comes up with a suggestion I will contact Firestarter, or I am even thinking about giving IPTables a try. Thanks and Best Regards
KnoppixBill

Stephen
12-27-2003, 06:38 AM

Try these as root, then run your scan again. If it looks good, then you should just add the commands to the file /etc/init.d/bootmisc.sh and they will be loaded on boot, or see if there is a custom setting in Firestarter. Just so you know, if your ISP ever has to try and check your connection, this will make it look like it is bad and unreachable. Also, you may want to check out Guarddog; when I used it, everything always showed up as stealth.



echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
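
An added example, not part of Stephen's post: a small audit that reads back the two settings written above, reports whether the host still answers ping, and prints the equivalent /etc/sysctl.conf lines for any setting that is not yet 1. The function names and the PROC_ROOT variable are assumptions of this example; PROC_ROOT exists only so the check can be pointed at a constructed directory instead of the live /proc.

```shell
#!/bin/sh
# Added example: verify the ICMP echo settings from the post above.
# PROC_ROOT is this example's own variable (not a kernel or distro one).
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "<key>=<value>" for one setting, or "<key>=missing" when the
# running kernel does not expose the file.
icmp_setting() {
    f="$PROC_ROOT/sys/net/ipv4/$1"
    if [ -r "$f" ]; then
        printf '%s=%s\n' "$1" "$(tr -d '[:space:]' < "$f")"
    else
        printf '%s=missing\n' "$1"
    fi
}

# Report both settings and a one-line verdict.
# Returns 0 when all echo requests are ignored, 1 otherwise.
icmp_echo_audit() {
    all=$(icmp_setting icmp_echo_ignore_all)
    bcast=$(icmp_setting icmp_echo_ignore_broadcasts)
    echo "$all"
    echo "$bcast"
    case "$all" in
        *=1) echo "result: echo requests are ignored"; return 0 ;;
        *)   echo "result: host answers ping"; return 1 ;;
    esac
}

# Print sysctl.conf lines for settings that are present but not 1.
# Nothing is written to disk; the output is for review.
icmp_sysctl_lines() {
    for key in icmp_echo_ignore_broadcasts icmp_echo_ignore_all; do
        case "$(icmp_setting "$key")" in
            *=1|*=missing) ;;
            *) echo "net.ipv4.$key = 1" ;;
        esac
    done
}

# Stand-alone run: show the current state of this machine.
icmp_echo_audit || true
icmp_sysctl_lines
```

Because the values under /proc reset at boot, running this after a restart shows whether the chosen boot-time method actually took effect.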

midwestdiscuss
12-30-2003, 06:41 PM
To the forum;
Knoppix can be hacked even as a live CD. I have a hacker who is giving me problems. I do have a question and that is;

Can you use the binary editors to check the config files, and is there a source for obtaining the correct binaries or hex or text, or any way to check the files against a clean, unhacked file?

Let me know if you can double check the files in some manner and make edits against bad code.

thanks again

midwestdiscuss@lycos.com

**************************************