On 30/03/11 14:16, Thomas Bächler wrote:
On 30.03.2011 10:36, Partha Chowdhury wrote:

sudo /sbin/iptables-save
# Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT
# Completed on Wed Mar 30 13:59:44 2011

The following is OT, but I have to say it:
This is an affront to every admin of smaller or bigger networks. It hurts my eyes. What are you trying to achieve by dropping unwanted traffic? You even drop ICMP entirely - dropping ICMP is the cause of a large number of problems.
There is no security advantage, but you deliberately prevent proper communication between yourself and other computers on the internet.
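An added check in the spirit of the critique above, not code from the thread: a small POSIX shell lint that reads iptables-save text (the posted ruleset embedded as a constructed sample) and flags an INPUT chain that defaults to DROP while never accepting ICMP or ending in an explicit REJECT, beside an illustrative corrected ruleset that passes. The corrected rules and the function names are assumptions for this example, not something the thread proposes.

```shell
#!/bin/sh
# Added example (not from the thread): lint an iptables-save dump for a DROP
# policy on INPUT with ICMP never accepted, and for silent drops instead of REJECT.

# Constructed sample: the ruleset posted earlier in the thread.
POSTED_RULES='*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT'

# Illustrative corrected ruleset (assumption): ICMP is accepted and the chain ends
# in an explicit REJECT; the DROP policy stays only as a fail-safe behind it.
FIXED_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT'

# chain_policy NAME: print the default policy of chain NAME from the dump on stdin.
chain_policy() {
    awk -v chain=":$1" '$1 == chain { print $2; exit }'
}

# lint_ruleset DUMP: print findings to stderr, print the number of findings to stdout.
lint_ruleset() {
    findings=0
    if [ "$(printf '%s\n' "$1" | chain_policy INPUT)" = "DROP" ]; then
        if ! printf '%s\n' "$1" | grep -Eq '^-A INPUT .*-p icmp .*-j ACCEPT'; then
            echo "FINDING: INPUT defaults to DROP and no rule accepts ICMP" >&2
            findings=$((findings + 1))
        fi
        if ! printf '%s\n' "$1" | grep -Eq '^-A INPUT .*-j REJECT'; then
            echo "FINDING: unwanted INPUT traffic is dropped silently, not rejected" >&2
            findings=$((findings + 1))
        fi
    fi
    echo "$findings"
}
lint_ruleset "$POSTED_RULES"   # prints 2 after two FINDING lines
lint_ruleset "$FIXED_RULES"    # prints 0
```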
Well, I picked this configuration from Red Hat training books, except for port 54215, which I open for BitTorrent. What do you suggest as the ideal iptables configuration for a basic desktop user, allowing proper connections as you said and yet staying secure from malicious port scanners?

On 30/03/11 14:20, Jan de Groot wrote:
Try doing an nmap -sV and you'll see what software is running on the proxy server.

I did what you said:
nmap -sV 115.187.45.97
Starting Nmap 4.20 ( http://insecure.org ) at 2011-03-30 15:06 IST
Interesting ports on 115.187.45.97:
Not shown: 1696 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 114.226 seconds
So it seems my ISP is running squid version 3.2.0.4-20110203 in transparent mode, just like you said. Interestingly, when connecting to random IP addresses on port 80, the error page returned is quite different from the normal ones. http://www.freeimagehosting.net/image.php?280f0ef980.png Does this transparent proxy pose any threat, and what can I do to stop that?