  1. #1
    Master Untangler adrianp918
    Join Date
    May 2009
    Posts
    443

    system not stealth

    I ran a port scan on my IP address.

    So this is what I came up with, and I want to know how I make my system stealth.

    GRC Port Authority Report created on UTC: 2010-01-16 at 01:19:02

    Results from scan of ports: 0-1055

    4 Ports Open
    1049 Ports Closed
    3 Ports Stealth
    ---------------------
    1056 Ports Tested

    Ports found to be OPEN were: 53, 80, 389, 443

    Ports found to be STEALTH were: 135, 139, 445

    Other than what is listed above, all ports are CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.
    i have no ports open that i am aware of i have added any rules thus far

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498


    You've got something configured wrong. The only open port on external by default is TCP 443, then TCP 22 reports closed. A packet filter rule can fix the latter easily; the former is your remote admin.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Master Untangler adrianp918
    Join Date
    May 2009
    Posts
    443


    OK, this is where I am probably getting confused. I am coming from monowall, and if I wanted to close a port I would just go into the Rules and NAT section. Where would I find that in UT?

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498


    That's just it, Untangle doesn't even have port 80 bound on the external interface. You've got something very wrong if that port is showing.

    Also, make sure you run the scan with attack blocker turned off... it can send false results if it detects a scan.

  5. #5
    Master Untangler adrianp918
    Join Date
    May 2009
    Posts
    443


    OK, so this is where I am at now.

    I reset my firewall back to factory, and this is what I have:

    GRC Port Authority Report created on UTC: 2010-01-16 at 03:51:42

    Results from scan of ports: 0-1055

    1 Ports Open
    1 Ports Closed
    1054 Ports Stealth
    ---------------------
    1056 Ports Tested

    The port found to be OPEN was: 443

    The port found to be CLOSED was: 22

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.


    Where would I go to look and make the needed changes?

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498


    Now that is normal!

    Config -> Networking -> Advanced -> Packet Filter

    Create a new rule that says this:

    Enabled: Checked
    Description: Halt SSH on External
    Action: Drop

    Destined Local
    Destination Port 22
    Protocol: TCP
    Source Interface: External

    That will correct the SSH port reporting CLOSED.

    Now, 443 is supposed to be open! That is your external secure admin. No, disabling external admin doesn't close this port. If you want to close it, create a second packet filter rule just like the SSH rule; just change the destination port to 443.

    Finally, Untangle will respond to ICMP by default. If you want to control pings, install this packet filter rule.

    Enabled: Checked
    Description: Halt ICMP on External
    Action: Drop

    Source Interface: External
    Protocol: ICMP
    Last edited by sky-knight; 01-15-2010 at 10:34 PM.

  7. #7
    Master Untangler adrianp918
    Join Date
    May 2009
    Posts
    443


    Woo hoo

    GRC Port Authority Report created on UTC: 2010-01-16 at 06:38:16

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.


    Now I am getting somewhere.
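
A parser for the GRC Port Authority reports quoted in this thread, added here as an example (it is not code from any poster or from Untangle). It lists what still answers an unsolicited probe so the before and after reports can be compared; `parse_report`, `findings` and the `allowed_open` baseline are names assumed for this example.

```python
import re

# Sample input: the three reports quoted in the thread, trimmed to the parsed lines.
REPORT_FIRST = """\
Results from scan of ports: 0-1055
Ports found to be OPEN were: 53, 80, 389, 443
Ports found to be STEALTH were: 135, 139, 445
Other than what is listed above, all ports are CLOSED.
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""
REPORT_RESET = """\
Results from scan of ports: 0-1055
The port found to be OPEN was: 443
The port found to be CLOSED was: 22
Other than what is listed above, all ports are STEALTH.
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""
REPORT_FINAL = """\
Results from scan of ports: 0-1055
ALL PORTS tested were found to be: STEALTH.
- NO Ping reply (ICMP Echo) was received.
"""

LISTED = re.compile(r"ports? found to be (OPEN|CLOSED|STEALTH) (?:were|was): ([\d, ]+)", re.I)
REST = re.compile(r"all ports (?:are|tested were found to be:?) (OPEN|CLOSED|STEALTH)", re.I)

def parse_report(text):
    """Return {'OPEN': set, 'CLOSED': set, 'STEALTH': set, 'ping': bool}."""
    lo, hi = map(int, re.search(r"scan of ports: (\d+)-(\d+)", text).groups())
    states = {"OPEN": set(), "CLOSED": set(), "STEALTH": set()}
    for state, ports in LISTED.findall(text):
        states[state.upper()].update(int(p) for p in ports.split(","))
    listed = set().union(*states.values())
    rest = REST.search(text)  # state of every port not listed by number
    if rest:
        states[rest.group(1).upper()].update(set(range(lo, hi + 1)) - listed)
    states["ping"] = bool(re.search(r"^\s*- A PING REPLY", text, re.I | re.M))
    return states

def findings(text, allowed_open=frozenset()):
    """List what still answers an unsolicited probe, given the intended open ports."""
    r = parse_report(text)
    out = [f"unexpected OPEN port {p}" for p in sorted(r["OPEN"] - set(allowed_open))]
    if r["CLOSED"]:
        out.append(f"{len(r['CLOSED'])} port(s) report CLOSED instead of STEALTH")
    if r["ping"]:
        out.append("answers ICMP echo")
    return out
```

With `allowed_open={443}` the first report flags ports 53, 80 and 389, the post-reset report flags only the CLOSED port and the ping reply, and the final report returns an empty list.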

  8. #8
    Untangler
    Join Date
    Oct 2008
    Posts
    80


    noted

  9. #9
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630


    noted as well.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  10. #10
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186


    Curious... a new installation in router mode.

    A scan on the external interface with nmap, cable connection.
    Nmap results, regular scan:
    Starting Nmap 5.00
    Interesting ports on xxxxxxxxxxxx:
    21/tcp open ftp
    22/tcp open ssh
    80/tcp open http
    110/tcp open pop3
    443/tcp open https
    Nmap done: 1 IP address (1 host up) scanned in 15.91 seconds

    A scan from GRC shows only 22 and 443. Of course I have UDP 1194 open and a forward for 3 other ports, none of which show in a standard scan.

    Of course the PF has a rule to allow SSH from all interfaces, so a rule applied to drop from external closes that port to the scans from GRC and nmap.

    If I point a browser to port 80 I get a timeout, as well with port 21.

    A different nmap scan:
    Interesting ports on xxxxxxxxxxxxxx:
    Not shown: 996 filtered ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp?
    |_ ftp-bounce: no banner
    80/tcp open http?
    110/tcp open pop3
    |_ pop3-capabilities: capa
    443/tcp open ssl/http Apache httpd 2.2.9 ((Debian) mod_jk/1.2.26 mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g)
    2 services unrecognized despite returning data.
    Aggressive OS guesses: Linux 2.6.18 (94%)
