PDA

View Full Version : Firestarter



sn0wflake
04-04-2004, 01:29 AM
How do I deny ICMP Echo Requests in the Firestarter firewall? The IP is given by my ISP (DHCP is enabled).

Max
04-04-2004, 06:10 AM
Edit > Preferences... > ICMP Filtering?

sn0wflake
04-04-2004, 08:38 PM
ICMP filtering was/is already disabled before I posted my question. I don't get it...

Max
04-05-2004, 04:59 AM
If I correctly understand what you are saying:

How do I deny ICMP Echo Requests in the Firestarter firewall?
What you want to do is to ENABLE ICMP filtering & then check the "ECHO" box.

sn0wflake
04-05-2004, 05:22 PM
Your my hero Max! I now get a perfect TruStealt rating on grc.com :D
I find it odd that I have to enable "something" to disable it. As you all probably have figured out now networking isn't my speciality :wink:

Next question I hope you'll answer is why I deliberately have to disable port 67 and 68? I learned that those ports are the Bootstrap Protocol Server and Client. I have to learn how to disable that :)

Max
04-05-2004, 10:22 PM
Glad to help. The reason that you have to enable something to disable it is that you are enabling filtering which is actually another word for blocking in this context.

As to why you deliberately have to disable port 67 and 68 I don't know the answer to that one. Maybe someone else can tell you that but I can tell you how to disable any port with Firestarter. Click on the "Rules" tab next to the "Hits" tab. Select "Blocked Ports". Right click on it & select "New rule" at the top of the list then just enter the port number that you want to block. Click "OK" & it should work.

sn0wflake
04-05-2004, 11:36 PM
Thank you for the reply :) I already figured out how to disabling the ports otherwise I wouldn't get a perfect TruStealth rating. I'm just wondering what daemon/app/ISP(?) that's requiring it.
Port 67 is closed but visible (ie. responds so it's not stealth) and port 68 is wide open!

Stephen
04-06-2004, 12:15 AM
Thank you for the reply :) I already figured out how to disabling the ports otherwise I wouldn't get a perfect TruStealth rating. I'm just wondering what daemon/app/ISP(?) that's requiring it.
Port 67 is closed but visible (ie. responds so it's not stealth) and port 68 is wide open!

Well a quick google on port 67 (http://www.google.com/linux?hl=en&lr=&ie=ISO-8859-1&q=port%2067&btnG=Google+Search) and port 68 (http://www.google.com/linux?hl=en&lr=&ie=ISO-8859-1&q=port+68&btnG=Google+Search) seems to suggest DHCP so apt-get --purge remove dhcp3-server should do it or you may want to go to Kano's script page (http://kanotix.com/files/) and get the remove-servers.sh make it exectuable and run it to get rid of most of the servers included so they will not get started as well.