
RE: [cobalt-security] [RaQ3] Port Sentry



With a Qube3 we already have some firewall rules in there when we set up
the GUI. How do you tell the system to remake them?

Thanks

------

Benoit Perreault
mailto:bperreault@xxxxxxxxxxxxx
Névé Réfrigération Inc
Longueuil, Québec, Canada


-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Michael
Stauber
Sent: Monday, June 11, 2001 10:00
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] [RaQ3] Port Sentry


Hi Kevin,

> Now this I like. I've actually considered setting up something like this
> myself... care to share that config and script?

Sure, no problem. But I'll have to leave out the randomized restart routine
for NDA reasons <sigh>. Just bind this script to a cronjob that will run
several times a day (1-3 times for instance) and you're almost as well
off.

Make sure you understand what the script does before you attempt to use it!
For instance: If you don't have SSH installed, then you will no longer be
able to get to the shell, as it'll block the telnet port! :o)

#!/bin/sh
# This script makes sure that Portsentry does not generate
# too many false alerts. It also makes sure that Portsentry is
# restarted periodically. When that happens existing
# firewall rules will be flushed. So if a customer accidentally
# blocked himself, then a flush of the ruleset will make
# sure that he can get in again after a considerable wait.
# Note: "ipchains -F" drops EVERY rule in every chain, not just
# Portsentry's host blocks, so anything the GUI or another tool
# added is gone until it is re-added below or that tool reruns.
# For questions ask cobalt@xxxxxxxxxxxxxx

# Stop all instances of Portsentry:
killall -9 portsentry

# Flush all existing firewall rules (all chains):
/sbin/ipchains -F

# Deny Telnet permanently (only if you have SSH!).
# -l logs every matching packet, so you see who knocks on port 23:
/sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY

# Deny TCP and UDP packets to certain ports:
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p udp -j DENY   # NetBIOS
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p tcp -j DENY   # NetBIOS
/sbin/ipchains -A input -i eth0 -d 0/0 68 -p udp -j DENY        # DHCP/BOOTP client
/sbin/ipchains -A input -i eth0 -d 0/0 67 -p udp -j DENY        # DHCP/BOOTP server
/sbin/ipchains -A input -i eth0 -d 0/0 123 -p udp -j DENY       # NTP
/sbin/ipchains -A input -i eth0 -d 0/0 161 -p udp -j DENY       # SNMP

# Remove Portsentry's history of blocked hosts (-f so the script
# does not complain when there is nothing to remove yet):
rm -f /usr/local/psionic/portsentry/portsentry.blocked.*

# Restart Portsentry in both ATCP and AUDP (advanced stealth) mode:
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp

# Say something nice and exit gracefully:
echo "Firewall rules flushed and Portsentry restarted"


--

Kind regards / Best regards

Michael Stauber

 Stauber Multimedia Design ____ Phone:  +49-6471-923812
 Hauptstrasse 31 ______  D-56244 Goddert ______ Germany
 SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
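Benoit's question about the Qube3's own GUI rules points at the weak spot
of the script above: "ipchains -F" flushes everything, so whatever the GUI
installed is gone until it is re-applied. The following is an added
example, not code from Michael's post or from Cobalt. It shows one way to
remove only the host blocks PortSentry inserts and load the rest of the
saved ruleset back. It assumes that ipchains-save / ipchains-restore speak
the text form shown in the constructed SAMPLE_RULES below, and that
PortSentry uses its stock ipchains KILL_ROUTE ("ipchains -I input
-s $TARGET$ -j DENY -l"); the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Instead of `ipchains -F`,
# which also wipes the rules the Qube3 GUI installed, save the live
# ruleset, drop only the single-host DENY rules PortSentry inserted,
# and load the remainder back.
# ASSUMPTIONS: ipchains-save/ipchains-restore use the text format shown
# in SAMPLE_RULES, and PortSentry's KILL_ROUTE is the stock
# "/sbin/ipchains -I input -s $TARGET$ -j DENY -l". Check both on your box.

# Constructed sample of an ipchains-save dump: three chain policies, two
# port rules like the ones in the cron script, two PortSentry host blocks.
SAMPLE_RULES=':input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -j DENY -l
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 161:161 -p 17 -j DENY
-A input -s 192.0.2.77/255.255.255.255 -d 0.0.0.0/0.0.0.0 -l -j DENY
-A input -s 198.51.100.9/255.255.255.255 -d 0.0.0.0/0.0.0.0 -l -j DENY'

# Read a saved ruleset on stdin, write it back without PortSentry's host
# blocks: an input-chain rule for exactly one source host (/255.255.255.255)
# that jumps to DENY and names no protocol (so port-specific DENYs survive).
drop_portsentry_blocks() {
    awk '!( /^-A input / && /-s [0-9.]+\/255\.255\.255\.255 / && /-j DENY/ && !/-p / )'
}

# The inverse view: just the blocked source addresses, for logging.
list_portsentry_blocks() {
    awk '/^-A input / && /-s [0-9.]+\/255\.255\.255\.255 / && /-j DENY/ && !/-p / {
        sub(/.*-s /, ""); sub(/\/.*/, ""); print }'
}

# Line count without wc's padding, so the result compares cleanly.
count_lines() {
    grep -c ''
}

# Replacement for the "flush everything" step. Only meaningful on a
# box that actually has ipchains; fails closed (returns 1) otherwise.
reload_without_blocks() {
    saved=$(ipchains-save 2>/dev/null) || return 1
    printf '%s\n' "$saved" | list_portsentry_blocks | sed 's/^/unblocking /'
    ipchains -F
    printf '%s\n' "$saved" | drop_portsentry_blocks | ipchains-restore
}

# `sh thisfile --demo` prints what would be loaded back from the sample.
if [ "$1" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | drop_portsentry_blocks
fi
```

The filter keeps the five policy and port lines and drops the two host
blocks. Note the caveat: it matches any single-host DENY rule without a
protocol, not only PortSentry's, so look at what list_portsentry_blocks
prints before trusting it, and compare a real ipchains-save dump against
SAMPLE_RULES first, since the exact field order is an assumption here.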
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security