I work for a company that has 2 firewalls and a proxy server to access the internet. Unless you have an authentication code, you cannot access the web. Now NT and Linux both get stopped and require authentication.
Now the weird part: I have BeOS installed on my machine as well, and gave it the same network settings as Linux. And I get out on the web without requiring authentication. Even stranger, I can pull up websites that normally are blocked.
Does anyone know why? I brought this to the attention of my 2 most trusted network admins, and they have yet to be able to figure it out.
I am really only concerned because of the possible danger of an outside cracker getting in.
Sounds like the box that's getting access is not going through the proxy server and the firewall is misconfigured to allow it access to the internet.
Get the admin to change the firewall's rules so only the proxy server can go out to a destination port of 80 & 8080 and DNS 53.
Then deny all other access except incoming connections from source port 80 & 8080 and DNS 53 UDP and TCP to the proxy and see if it stops.
If not then check out the Proxy's software.
Also note:
Even if you malformed a TCP package it would be stopped by a correctly set-up firewall.
My admin told me we can't just go in and reconfigure a firewall, but did say that every computer is hard linked to a specific subnet, which must always follow that path. Such as LAN drop to switch, to router, etc. Each machine is set up to always use this path.
Plus, Be is on the same machine as Win and Lin. I am going to try to telnet to my machine from home to see what happens. We don't broadcast our IP over the web, so I should not be able to see it.... we hope.
I understand this, but if it's physically connected to a switch and that switch has "physical" connections to different routers and bridges, then an IP packet can find its way out with the loose source routing option on, in the IP header.
(this should be blocked by a correctly set-up router)
Anyway I suspect your firewall is doing NAT for your internal systems so you shouldn't see the IP address of the problem box.
I suggest you put a sniffer on the box and see what packets are talking to where. I still think something is wrong with your Proxy server.
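The sniffer check suggested in the last reply can be automated. The following is an added example, not part of the original thread: it reads `tcpdump -nn` text output and reports internal hosts that reach external addresses without going through the proxy. The internal network `10.1.0.0/16`, the proxy address `10.1.0.10` and the sample capture are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing (hypothetical, not taken from the thread).
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")
PROXY = ipaddress.ip_address("10.1.0.10")

# Address part of a `tcpdump -nn` IPv4 line: "IP src.sport > dst.dport:"
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

# Constructed sample capture: one client using the proxy, then going direct.
SAMPLE_CAPTURE = """\
09:14:01.100000 IP 10.1.2.15.1045 > 10.1.0.10.8080: Flags [S], seq 1, win 8192, length 0
09:14:01.200000 IP 10.1.0.10.33012 > 203.0.113.80.80: Flags [S], seq 7, win 8192, length 0
09:14:05.300000 IP 10.1.2.15.1051 > 203.0.113.80.80: Flags [S], seq 9, win 8192, length 0
09:14:05.310000 IP 10.1.2.15.1052 > 198.51.100.53.53: 4660+ A? www.example.org. (33)
09:14:05.400000 IP 203.0.113.80.80 > 10.1.2.15.1051: Flags [S.], seq 3, ack 10, win 8192, length 0
09:14:06.000000 ARP, Request who-has 10.1.0.1 tell 10.1.2.15, length 28
"""


def find_proxy_bypass(capture_text):
    """Return {internal_src: sorted [(dst, dport), ...]} for direct egress."""
    hits = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or truncated lines carry no IPv4 pair
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        if src not in INTERNAL_NET or src == PROXY:
            continue  # replies from outside, or the proxy's own egress
        if dst in INTERNAL_NET:
            continue  # client-to-proxy and other LAN traffic is expected
        hits[str(src)].add((str(dst), int(m.group(4))))
    return {src: sorted(dsts) for src, dsts in hits.items()}


if __name__ == "__main__":
    for src, dsts in find_proxy_bypass(SAMPLE_CAPTURE).items():
        for dst, port in dsts:
            print(f"{src} reached {dst}:{port} without the proxy")
```

Any host this reports is traffic the firewall should have dropped under the "only the proxy may go out" rule described earlier in the thread.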