How do you test your router/firewall for security?
Larry Cook
lcook at sybase.com
Mon Aug 11 10:21:37 EDT 2003
Thanks for the responses. I feel much better after having done some testing
over the weekend.
The various test sites show that my Actiontec DSL modem/router responds that
the ports are closed, although a few ports don't respond at all. These are
ports 135, 136, 137, 138, 139, 412, and 445, which I think are all ports used
by MS protocols. At first I thought it was my router not responding, but I'm
wondering if they are being intercepted by my ISP. I've emailed my ISP to
find out.
Additionally, the router has the ability to specify an IP address as a DMZ
Host and forwards all connection requests to that host. I did this for each
of my hosts and found that my Win95 with ZoneAlarm didn't respond to any
requests. I was most nervous about my RH8 server running Samba, but amazingly
that didn't respond to any requests either. My RH8 desktop on the other hand
responded that most ports were closed, but three were open to the internet.
This was my first Linux system and I didn't know anything about iptables when
I set it up. I guess I'll have to go back and fix it.
This is a learning experience for me and I was pleased to see that iptables
and ZoneAlarm can distingish between local and internet traffic. This leads
me to a few more questions:
What are the vulnerabilities that I should be concerned about that could let
someone through my router and onto my local network?
If someone does get through to my local network, are all bets off, or will
ZoneAlarm and iptables on each system provide additional security?
Thanks,
Larry
More information about the gnhlug-discuss
mailing list