LinuxQuestions.org
Old 04-19-2001, 10:00 AM   #1
tfrye
Member
 
Registered: Dec 2000
Posts: 60

Rep: Reputation: 15


I have a question that seems very odd.

I work for a company that has 2 firewalls and a proxy server to access the internet. Unless you have an authentication code, you cannot access the web. Now NT, and Linux both get stopped and require authentication.

Now the weird part.. I have BeOS installed on my machine as well, and gave it the same network settings as Linux. And I get out on the web without requiring authentication. Even stranger, I can pull up websites that normally are blocked.

Does anyone know why? I brought this to the attention of my 2 most trusted network admins, and they have yet to be able to figure it out.

I am really only concerned because of the possible danger of an outside cracker to get in.
 
Old 04-23-2001, 04:57 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Tfrye,

Sounds like the box that's getting access is not going through the proxy server and the firewall is misconfigured to allow it access to the internet.

Get the admin to change the firewall's rules so only the proxy server can go out to a destination port of 80 & 8080 and DNS 53.
Then deny all other access except incoming connections from Source port 80 & 8080 and DNS 53 UDP and TCP to the Proxy and see if it stops.

If not then check out the Proxy's software.

Also note:
Even if you malformed a TCP package it would be stopped by a correctly set-up firewall.

/Raz
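
Added example, not part of raz's post: a small first-match rule evaluator that contrasts a rule set letting any internal host reach ports 80/8080 with the proxy-only rule set suggested above, and lists which outbound flows bypass the proxy under each. It models only the outbound half of the suggestion; the addresses, rule tuples and flows are constructed assumptions, not values from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not from the thread).
PROXY = "10.0.0.10"
LAN = "10.0.0.0/24"

# Each rule: (action, source network, protocol, destination ports or None for any).
# First matching rule wins; anything unmatched is dropped (default deny).
LOOSE_RULES = [
    ("allow", LAN, "tcp", {80, 8080}),   # any internal host may reach the web
    ("allow", LAN, "udp", {53}),
    ("allow", LAN, "tcp", {53}),
]
STRICT_RULES = [
    ("allow", PROXY + "/32", "tcp", {80, 8080}),  # only the proxy goes out
    ("allow", PROXY + "/32", "udp", {53}),
    ("allow", PROXY + "/32", "tcp", {53}),
    ("deny", "0.0.0.0/0", "any", None),           # explicit deny for everything else
]

def decide(rules, src, proto, dport):
    """Return 'allow' or 'deny' for one outbound flow, first match wins."""
    for action, net, rule_proto, ports in rules:
        if ip_address(src) not in ip_network(net):
            continue
        if rule_proto not in ("any", proto):
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"

def bypass_flows(rules, flows):
    """Flows allowed out that do not originate from the proxy."""
    return [f for f in flows if f[0] != PROXY and decide(rules, *f) == "allow"]

# Constructed outbound flows: (source, protocol, destination port).
FLOWS = [
    (PROXY, "tcp", 80),          # proxy fetching a page
    (PROXY, "udp", 53),          # proxy resolving a name
    ("10.0.0.57", "tcp", 80),    # workstation going direct, skipping the proxy
    ("10.0.0.57", "tcp", 8080),
    ("10.0.0.57", "tcp", 23),    # workstation telnet
]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE_RULES), ("strict", STRICT_RULES)):
        print(name, "bypass:", bypass_flows(rules, FLOWS))
```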
 
Old 04-23-2001, 03:11 PM   #3
tfrye
Member
 
Registered: Dec 2000
Posts: 60

Original Poster
Rep: Reputation: 15
My admin told me we can't just go in and reconfigure a firewall, but she did say that every computer is hard linked to a specific subnet, which must always follow that path. Such as LAN drop to switch, to router, etc. Each machine is set up to always use this path.

Plus, Be is on the same machine as Win and Lin. I am going to try to telnet to my machine from home to see what happens. We don't broadcast our IP over the web, so I should not be able to see it.... we hope.
 
Old 04-24-2001, 03:19 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
tfrye,

What, she can't just change the firewall? 8-)

I understand this, but if it's physically connected to a switch and that switch has "physical" connections to different routers and bridges, then an IP packet can find its way out with the loose source routing option on, in the IP header.
(this should be blocked by a correctly set-up router)

Anyway I suspect your firewall is doing NAT for your internal systems so you shouldn't see the IP address of the problem box.

I suggest you put a sniffer on the box and see what packets are talking to where, I still think something is wrong with your Proxy server.

Have fun.
/Raz

 
  

