RE: IPCop v1.4.5 Configuration

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MCraig White at <-
MCraig White at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Wagner, Steven G
Date:  
To: plug-discuss
Subject: RE: IPCop v1.4.5 Configuration

So how do I block a port in IPCop? I've gone to the firewall tab where I can
forward ports or configure external access, but I haven't found any
instructions on how to effectively block a port. Do I have to get to IPCop's
root shell and manually edit a .conf file or something?

Thanks for any help,

Steven
- -----Original Message-----
From:
[mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Craig
White
Sent: Monday, May 02, 2005 10:47 AM
To:
Subject: Re: IPCop v1.4.5 Configuration


On Sun, 2005-05-01 at 20:42 -0700, Wagner, Steven G wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I just got my IPCop up this morning, but I'm not sure how to disable ping
> requests. Does anyone know offhand how to do this?
>
> Also, any other suggestions in regards to securing IPCop would be greatly
> appreciated as I am new to IPCop and networking in general.
>
> My Network=
>
> Net --> IPCop --> switch --> PIII/WindozeXP & Sempron/WindozeXP.
>
> At www.grc.com ShieldsUp!'s port scan revealed that my port 113 was
> responding, but the connection was closed. I read a bit about port 113 and
> decided to redirect any requests to that port to another unusable IP. Now
> all ports show stealth mode.
>
> TIA for any help, this group is great! I'm eagerly anticipating the day
when
> I know enough to give more than I take in here!
- ----
ipcop by design has already taken care of security issues if you respect
the red/green/orange interface concept... 

red    - internet/insecure
orange - dmz - internet/insecure
green  - your lan / secure


port 113 is identd port and has traditionally been left open so systems
can identify your existence. Redirecting to an unusable ip makes little
sense - better to simply reject port 113.

want more info?
<http://www.iss.net/security_center/advice/Reference/Networking/Misc/IDENT/d
efault.htm>

Craig

- ---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
- --
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.1 - Release Date: 5/2/2005

- --
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.11.1 - Release Date: 5/2/2005


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: OT: Civil Disobedience and Jury Nullification (was Re: DVD Movies on Ubunto)Re: OT: Civil Disobedience and Jury Nullification (was Re: DVD Movies on Ubun...->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)