
Anyone using IPCop?



rmcb
07-11-2003, 02:23 PM
Have been using this for a week or so now.
Works great, a cheap and secure way to share your internet connection.
http://www.ipcop.org

CYaBro
07-11-2003, 02:38 PM
I just set one up here at work last week. Also have a couple of clients that are using it too. Does a great job. REMEMBER to keep it up-to-date!

Great for using those old PCs instead of dumping them!

bmason
07-11-2003, 03:02 PM
I use Smoothwall, which is what IPCop is based on.

I tried IPCop (2.4 kernel) but it was slower than SW1.0 (2.2) on my old 486. Otherwise I couldn't spot any real differences.

Gorela
07-11-2003, 06:04 PM
Like Brett, I have used Smoothwall (http://www.smoothwall.org) and found it to be fairly good. I have also played around with IPCop.

The main concerns I had with both distros were that their default configuration is to reply to "pings" and they show an awful lot of filtered ports when scanned externally by some port scanners.

Checking them via the Gibson site shows them as stealthed, but they aren't really :)

Apart from those niggles, they don't seem to be too bad. :D

whetu
08-11-2003, 07:44 PM
"The main concerns I had with both distros were that their default configuration is to reply to "pings" and they show an awful lot of filtered ports when scanned externally by some port scanners.

Checking them via the Gibson site shows them as stealthed, but they aren't really "

A copy and paste from the Smoothwall documentation (forgive formatting):

General

Q. Help, I have just downloaded and run Leaktest from grc.com and my Smoothie has failed.
A. Calm down, think logically and look at what Leaktest does. Leaktest is a classic FUD spreader, first of all read what the Leaktest web page actually says.
‘LeakTest pretends to be an FTP client application which attempts to connect to port 21 (FTP) of one of our servers within the grc.com domain.’
2001 by Gibson Research Corporation
Well knock me down with a feather, SmoothWall actually allowed a computer on the Green network running an FTP client to connect to an FTP server on the Internet. If it had not, you would probably be reading this document to find out why you could not connect to FTP servers through Smoothwall.
If you are really worried about Viruses, Worms, Trojans etc., then you should do the following:
1. Invest in a decent Anti-virus software package and keep it up to date.
2. Monitor your application suppliers for security bulletins and install patches and fixes as soon as they are released.
3. Take and retain regular backups of critical applications and data that are stored on your machines.
4. Have a strict policy about opening e-mails with attachments, and information on portable media from any source.
You should be doing all the above anyway. If you are still paranoid, then the simplest answer is not to your private network to the outside world or to accept any software unless guaranteed virus free by the manufacturer. Failing that get rid of all your computers and go back to pen and ink.

Q. Is SmoothWall 100% watertight? Is it true it's unhackable?
A. We try to make SmoothWall as watertight as possible. You should never assume that ANY firewall is 100% hack proof. To date we don't believe that SmoothWall has been hacked.

Q. I used one of those internet firewall testing sites. It said that my ICMP port was open. Is this a problem?
A. While some people would like to close that port as well, ICMP (Ping) was consciously left open to allow you to run diagnostics on your firewall. All a hacker can get from a ping is that your machine exists and is alive. Having this port open is not a security hole.

Q. Is it safe to allow external automated sites to scan my network / firewall?
A. No it isn't. This is the easiest way for an attacker to harvest IP addresses with the owner’s consent. Once they have the IP they will often send back bogus reports and have a nice database of insecure boxes to play with. There are many tools available that will allow you to test your own set-up.

Q. I did a nmap port scan of my SmoothWall and found that 1025 is open. Help?
A. Port 1025 on Smoothie is dnrd, the dns proxy / cache. This port is needed to receive DNS info from external DNS servers. You cannot block this without killing DNS proxy functionality. dnrd runs as non root and is chroot in an empty directory.

Q. Why is Smoothie showing my ports are open? For example, a remote UDP scan from http://scan.sygatetech.com showed that I have ports 137 (NetBIOS-NS), 138 (NetBIOS-DGM), and 139 (NetBIOS) open. Are the scans from this site accurate? How do I turn off these ports?
A. Some users of cable modems may find that they have those NetBIOS ports "open". They appear almost as if the cable company / manufacturer has set up a "honey pot" on those ports from the outside. This may vary with different manufacturers or suppliers.

Gorela
09-11-2003, 01:44 AM
Thanks for the Smoothwall info Whetu :)

All scans I do are against firewalls I have set up internally. You might remember that I like playing with firewalls :)

My concern about IPCop and Smoothwall is, as I mentioned, that almost ALL the interesting ports show up as filtered with certain scans. As you know, this means that it is more than sufficient to determine the OS.
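
An added example, not written by any poster in this thread or by the Smoothwall or IPCop projects: when auditing a firewall you own, the open / closed / filtered distinction discussed above can be read from nmap's grepable (`-oG`) output. The sample scan data, the address 192.0.2.1 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of nmap grepable (-oG) output for a firewall you own.
SAMPLE = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 21/filtered/tcp//ftp///, "
    "80/filtered/tcp//http///, 113/closed/tcp//ident///, "
    "1025/open/tcp//NFS-or-IIS///, 137/open|filtered/udp//netbios-ns///\n"
)


def parse_ports(grepable):
    """Return {host: [(port, proto, state, service), ...]} from -oG text."""
    hosts = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # "Status:" lines and comments carry no port list
        for item in m.group(2).split(","):
            # Each entry is port/state/protocol/owner/service/rpc/version/
            f = item.strip().split("/")
            if len(f) < 5 or not f[0].isdigit():
                continue
            hosts.setdefault(m.group(1), []).append(
                (int(f[0]), f[2], f[1], f[4])
            )
    return hosts


def audit(entries):
    """Count port states and list ports that sent a definite answer.

    "filtered" means the probe was dropped silently; "open" and "closed"
    both mean the box replied, so those ports are worth reviewing against
    the rule set (for example, the dnrd port mentioned in the FAQ above).
    """
    counts = Counter(state for _, _, state, _ in entries)
    responding = sorted(
        (port, proto, state)
        for port, proto, state, _ in entries
        if state in ("open", "closed")
    )
    return counts, responding


if __name__ == "__main__":
    for host, entries in parse_ports(SAMPLE).items():
        counts, responding = audit(entries)
        print(host, dict(counts))
        for port, proto, state in responding:
            print(f"  {port}/{proto} answered as {state}")
```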