Please note. I am in no way slamming STN!
The results returned by Gibson are not altogether accurate.
I ran the same report and found that port 25 (smtp) and 80 (http) were
open.. Well, I knew that because I'd set up my STN box that way.
HOWEVER...
In running nmap against the same machine...
[root@mail /root]# nmap -sS -O -v jburton.telepath.com
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Host jburton.telepath.com (216.14.25.10) appears to be up ... good.
Initiating SYN half-open stealth scan against jburton.telepath.com
(216.14.25.10
)
Adding TCP port 53 (state Open).
The SYN scan took 4 seconds to scan 1483 ports.
For OSScan assuming that port 53 is open and port 42326 is closed and
neither ar
e firewalled
Interesting ports on jburton.telepath.com (216.14.25.10):
Port State Protocol Service
25 filtered tcp smtp
53 open tcp domain
80 filtered tcp http
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
Sequence numbers: F6CE41F3 E2CCC039 74EEB643 55EF6DB6 47B9C084 8A026768
Remote operating system guess: Linux 2.0.35-36
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
[root@mail /root]#
Note the differance.. nmap reports the same ports filtered *plus* port 53
open.
I might be showing more than I should in a semi-public forum, but if
someone hacks into my STN box, what are they gonna get? Other than my
password nuthin. There's nuthin there!
Again. John, please don't take this like a slam. I'm very happy with the
protection that STN affords. I'd like to see a DMZ function, for that
would complete the protection afforded to my smtp and http servers. But I
can live with this.
Thanks!
--==jb==--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
john burton
Midwest City, Oklahoma
1:147/34 @ fidonet
-----Original Message-----
From: Arnie Rothenbaum [SMTP:[EMAIL PROTECTED]]
Sent: Friday, October 29, 1999 23:36
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [ShareTheNet] STN passes ShieldUP attack!
Dear Fellow STN users,
Thought you might want to try this test on your system.
Bill Machrone (PCWeek, October 15, 1999) writes a column called Up
Periscope.
In this weeks issue, he discusses an "Online Security Checkup" from a
company called Gibson Research Company (GRC) which, with your
permission, will attempt to connect to your computer using both Netbios
and port probes attack.
It gets your IP address (or you give it) and then attempts to get in.
STN protected me from any entry and I rated a "Stealth" on their scale.
I use STN fully locked down, no ports open, no outside admin - just
straight out of the box.
And it's the protection I want, especially with cable mode 24x7.
It's nice to know it works and works well!
So goto www.gmc.com/shieldsup and get scanned!
Peace of mind is a wonderful thing to have.
For those of you who have open ports and maybe are vulnerable, Machrone
in a previous column, discussed a program called "BlackIce Defender"
from Network Ice ($39.95 for Win95/98/NT) (www.netice.com). The claim
is that BlackICE Pro provides intrusion detection, identification and
protection on networked workstations and servers. Machrone gave this
good reviews. Again, I don't know much about these things but I was
going to purchase this to deal with the issues of being hit. It appears
that this is no longer necessary. (except maybe just to see how often I
get attacked on a daily basis)
Which leads me to my final point. John, be careful what changes you
make to STN. Vulnerability is something we sacrifice for features,
features, features. Look at all the Internet Explorer holes, (and
Netscape too), when it comes to security. I'm sure that they weren't
done intentionally (maybe sloppily) but the demand for features turns a
blind eye to the more important things. ActiveX may be a great idea for
self installing patches on Win98 systems but look what can be done with
it on the evil side.
I'm a novice at most of this security stuff. I am vulnerable on my
own. If you add features to STN that breaches security, please make
note of this during install and allow me to turn it off in the options
tab.
Keep up the good work!
Arnie
[EMAIL PROTECTED]
[EMAIL PROTECTED]
_______________________________________________
ShareTheNet maillist - [EMAIL PROTECTED]
http://www.webserv.com/mailman/listinfo/sharethenet��
_______________________________________________
ShareTheNet maillist - [EMAIL PROTECTED]
http://www.webserv.com/mailman/listinfo/sharethenet
