  1. #1
    Untangler
    Join Date
    Apr 2008
    Posts
    34

    Stealthier Untangle?

    Untangle is a really nice firewall product and it does a lot of things really well. One thing I am a bit concerned about is the fact that if you open any ports they show up in a scan such as the one from grc.com. I am using Monowall at our office and even the opened ports still show as stealth on the scan. To me that enhances the security of the network because scans from the Internet don't reveal any open ports. Is there a reason UT doesn't stealth the open ports?

    I am using UT at a school because I think some of the features do help secure their network better and the reports and logging are really nice, very helpful. And, once you learn how to set up UT, it just works. Replaced a firewall product by Colubris because they couldn't get it to block SMTP traffic for computers other than the mail server, after 3 days of trying. In less than a day I had UT installed and configured exactly the way I wanted it. No more spam from computers that get infected.

  2. #2
    Untangle Ninja dwasserman
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,351

    If you open (technically, port forward) port 25, for example, to permit incoming mail to your internal mail server, it cannot appear as stealth in Untangle or Monowall, or any other firewall. Same for HTTP, RDP or any service you need to publish to the Internet.
    The world is divided into 10 kinds of people, who know binary and those not

  4. #4
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Stealthing open ports doesn't make sense.

    "Stealth" (which is a terrible word btw) just means it doesn't return a reset to tell the client the port is closed. It just drops the packet.

    If it's open to the client, it will appear open.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Apr 2008
    Posts
    34

    Stealth possible

    Originally posted by dwasserman:
    If you open (technically, port forward) port 25, for example, to permit incoming mail to your internal mail server, it cannot appear as stealth in Untangle or Monowall, or any other firewall. Same for HTTP, RDP or any service you need to publish to the Internet.

    That is interesting since I am running Monowall at the office and I do have ports open for email, web access and RDP. When I test against Shields Up it passes with complete stealth yet everything works just fine.

    The reason I am concerned about this is that ports that show as open are targets for hackers and such to pound on. I would much rather they not even know these ports exist.

    Obviously, I don't want to actually close those ports because access is required. So, is it possible to get those ports to not respond to scans?

  6. #6
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    That doesn't make sense. A scan is just a connection attempt to see what ports are open.
    If you don't want them open then close them.

  7. #7
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541

    The reason why that is happening is because the default firewall settings in monowall will automatically blacklist common port scanners.

    In short, the monowall is cheating by simply preventing the GRC servers from accessing anything. This doesn't change your security profile one inch.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
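
Added example (not part of any poster's message, and not m0n0wall or Untangle code): a small model of the behaviour posts #4 and #7 describe, showing how a scan from a blocklisted source reports forwarded ports as "stealth" while every other source still sees them open. The blocklist rule is taken as an assumption from post #7; the policy, function names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed policy: services published to the Internet via port forwards.
FORWARDED_PORTS = {25, 80, 3389}
# Hypothetical range standing in for a public scanning service.
SCANNER_BLOCKLIST = [ipaddress.ip_network("192.0.2.0/24")]


def firewall_reply(src, dport, blocklist=SCANNER_BLOCKLIST, unmatched="drop"):
    """Return what the client sees after sending a TCP SYN:
    'SYN-ACK', 'RST', or None when the packet is silently dropped."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in blocklist):
        return None              # blocklisted source: everything is dropped
    if dport in FORWARDED_PORTS:
        return "SYN-ACK"         # forwarded to the internal server, which answers
    # Unforwarded port: either send a reset ("reject") or stay silent ("drop").
    return "RST" if unmatched == "reject" else None


def classify(reply):
    """Map the observed reply to the labels a scan report uses."""
    return {"SYN-ACK": "open", "RST": "closed", None: "stealth"}[reply]


def scan(src, ports, **policy):
    """Scan result as seen from one source address."""
    return {p: classify(firewall_reply(src, p, **policy)) for p in ports}


if __name__ == "__main__":
    ports = [22, 25, 80, 3389]
    print("blocklisted scanner:", scan("192.0.2.10", ports))
    print("any other source   :", scan("198.51.100.7", ports))
    print("scanner, no list   :", scan("192.0.2.10", ports, blocklist=[]))
```

To measure real exposure, run the scan from an address the firewall does not treat specially and compare it with the result from the public scanning service.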

  8. #8
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Originally posted by sky-knight:
    The reason why that is happening is because the default firewall settings in monowall will automatically black list common port scanners.

    oooooh - that makes sense.

  9. #9
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    sneaky moonwall! talk about false sense of security.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  10. #10
    Master Untangler Louisd
    Join Date
    Jan 2008
    Location
    Montreal, QC
    Posts
    168

    Originally posted by sky-knight:
    The reason why that is happening is because the default firewall settings in monowall will automatically black list common port scanners.

    Are you positive? I never read that anywhere else, nor is there any reference to this in the M0n0wall mailing list (that I have been subscribing to for a few years). Perhaps I missed it in the doc somewhere?

    LD
