On 30/03/11 14:16, Thomas Bächler wrote:
On 30.03.2011 10:36, Partha Chowdhury wrote:
sudo /sbin/iptables-save
# Generated by iptables-save v1.4.7 on Wed Mar 30 13:59:44 2011
*filter
:INPUT DROP [2844:282816]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [9999:990098]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 54215 -j ACCEPT
-A INPUT -p udp -m udp --dport 54215 -j ACCEPT
COMMIT
# Completed on Wed Mar 30 13:59:44 2011
The following is OT, but I have to say it:
This is an affront to every admin of smaller or bigger networks. It
hurts my eyes. What do you try to achieve by dropping unwanted traffic?
You even drop ICMP entirely - dropping ICMP is the cause of a large
number of problems.
There is no security advantage, but you deliberately prevent proper
communication between yourself and other computers on the internet.
Well, I picked this configuration from Red Hat training books, except for
port 54215, which I open for BitTorrent.
What do you suggest as the ideal iptables configuration for a basic
desktop user, allowing proper connections as you said and yet staying
secure from malicious port scanners?
On 30/03/11 14:20, Jan de Groot wrote:
[...] Try doing an nmap -sV and
you'll see what software is running on the proxy server.
I did what you said:
nmap -sV 115.187.45.97
Starting Nmap 4.20 ( http://insecure.org ) at 2011-03-30 15:06 IST
Interesting ports on 115.187.45.97:
Not shown: 1696 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
1 service unrecognized despite returning data. If you know the
service/version, please submit the following fingerprint at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port80-TCP:V=4.20%I=7%D=3/30%Time=4D92F9D0%P=i686-pc-linux-gnu%r(Help,D
SF:DD,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nServer:\x20squid/3\.2\.0\.4-2
SF:0110203\r\nMime-Version:\x201\.0\r\nDate:\x20Wed,\x2030\x20Mar\x202011\
SF:x2009:37:20\x20GMT\r\nContent-Type:\x20text/html\r\nContent-Length:\x20
SF:3234\r\nX-Squid-Error:\x20ERR_INVALID_REQ\x200\r\nContent-Language:\x20
SF:en\r\nX-Cache:\x20MISS\x20from\x20Streamride\r\nVia:\x201\.1\x20Streamr
SF:ide\x20\(squid/3\.2\.0\.4-20110203\)\r\nConnection:\x20close\r\n\r\n<!D
SF:OCTYPE\x20html\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01//EN\"\x20\"h
SF:ttp://www\.w3\.org/TR/html4/strict\.dtd\">\n<html><head>\n<meta\x20http
SF:-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=utf-8\">\n<t
SF:itle>ERROR:\x20The\x20requested\x20URL\x20could\x20not\x20be\x20retriev
SF:ed</title>\n<style\x20type=\"text/css\"><!--\x20\n\x20/\*\n\x20Styleshe
SF:et\x20for\x20Squid\x20Error\x20pages\n\x20Adapted\x20from\x20design\x20
SF:by\x20Free\x20CSS\x20Templates\n\x20http://www\.freecsstemplates\.org\n
SF:\x20Released\x20for\x20free\x20under\x20a\x20Creative\x20Commons\x20Att
SF:ribution\x202\.5\x20License\n\*/\n\n/\*\x20Page\x20basics\x20\*/\n\*\x2
SF:0{\n\tfont-family:\x20verdana,\x20sans-serif;\n}\n\nhtml\x20body\x20{\n
SF:\tmargin:\x200;\n\tpadding:\x200;\n\tbackground:\x20#efefef;\n\tfont-si
SF:ze:\x2012px")%r(SSLSessionReq,DE3,"HTTP/1\.1\x20400\x20Bad\x20Request\r
SF:\nServer:\x20squid/3\.2\.0\.4-20110203\r\nMime-Version:\x201\.0\r\nDate
SF::\x20Wed,\x2030\x20Mar\x202011\x2009:37:20\x20GMT\r\nContent-Type:\x20t
SF:ext/html\r\nContent-Length:\x203240\r\nX-Squid-Error:\x20ERR_INVALID_RE
SF:Q\x200\r\nContent-Language:\x20en\r\nX-Cache:\x20MISS\x20from\x20Stream
SF:ride\r\nVia:\x201\.1\x20Streamride\x20\(squid/3\.2\.0\.4-20110203\)\r\n
SF:Connection:\x20close\r\n\r\n<!DOCTYPE\x20html\x20PUBLIC\x20\"-//W3C//DT
SF:D\x20HTML\x204\.01//EN\"\x20\"http://www\.w3\.org/TR/html4/strict\.dtd\
SF:">\n<html><head>\n<meta\x20http-equiv=\"Content-Type\"\x20content=\"tex
SF:t/html;\x20charset=utf-8\">\n<title>ERROR:\x20The\x20requested\x20URL\x
SF:20could\x20not\x20be\x20retrieved</title>\n<style\x20type=\"text/css\">
SF:<!--\x20\n\x20/\*\n\x20Stylesheet\x20for\x20Squid\x20Error\x20pages\n\x
SF:20Adapted\x20from\x20design\x20by\x20Free\x20CSS\x20Templates\n\x20http
SF:://www\.freecsstemplates\.org\n\x20Released\x20for\x20free\x20under\x20
SF:a\x20Creative\x20Commons\x20Attribution\x202\.5\x20License\n\*/\n\n/\*\
SF:x20Page\x20basics\x20\*/\n\*\x20{\n\tfont-family:\x20verdana,\x20sans-s
SF:erif;\n}\n\nhtml\x20body\x20{\n\tmargin:\x200;\n\tpadding:\x200;\n\tbac
SF:kground:\x20#efefef;\n\tfont-size:\x2012px");
Service detection performed. Please report any incorrect results at
http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 114.226 seconds
So it seems my ISP is running Squid version 3.2.0.4-20110203 in
transparent mode, just like you said.
Interestingly, when connecting to random IP addresses on port 80, the
error page returned is quite different from the normal ones.
http://www.freeimagehosting.net/image.php?280f0ef980.png
Does this transparent proxy pose any threat, and what can I do to stop
that?
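The ruleset below is an added example for the desktop question above; it is not from the thread, from Red Hat's books or from any distribution's stock firewall. It keeps the shape of the posted rules (default DROP on INPUT, loopback, RELATED/ESTABLISHED, the BitTorrent port 54215) but lets ICMP through, with echo-request rate-limited, and ends with REJECT rules so a peer gets an immediate error instead of a timeout. Assumed: iptables 1.4.x with the conntrack and limit matches, IPv4 only (ip6tables needs its own table), and a single interface; the function names are mine.

```shell
# Added example, not from the original thread: a minimal desktop INPUT
# policy in iptables-restore format. Assumes iptables 1.4.x with the
# conntrack and limit matches; IPv4 only.

TORRENT_PORT=54215   # the poster's BitTorrent port, as on the page

# Print the ruleset to stdout (iptables-restore ignores '#' lines).
desktop_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ICMP carries path-MTU discovery, "port unreachable" and friends; drop it
# and connections stall in odd ways. Only echo-request is rate-limited.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s --limit-burst 10 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport $TORRENT_PORT -j ACCEPT
-A INPUT -p udp --dport $TORRENT_PORT -j ACCEPT
# Reject everything else explicitly so the sender gets an answer at once;
# the DROP policy then only covers what no rule matched.
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT
EOF
}

# Validate with iptables-restore --test first, then load (root only).
apply_ruleset() {
    if ! command -v iptables-restore >/dev/null 2>&1; then
        echo "iptables-restore not found" >&2
        return 1
    fi
    desktop_ruleset | iptables-restore --test || return 1
    if [ "$(id -u)" -ne 0 ]; then
        echo "need root to load rules" >&2
        return 1
    fi
    desktop_ruleset | iptables-restore
}

case "${1:-}" in
    show)  desktop_ruleset ;;
    apply) apply_ruleset ;;
esac
```

Run with `show` to inspect the rules and `apply` (as root) to load them; `iptables-save` afterwards should reproduce the same table. A port scanner sees the rejected ports as "closed" rather than "filtered", which leaks nothing useful: the scanner already knows the host exists from the ports you do open.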
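As an added check for the proxy question, not part of the thread: the nmap fingerprint above already contains the three headers that give a transparent Squid away (Server, Via and X-Cache), so any HTTP response can be tested for them without a full nmap run. The sample response below is constructed from the headers in that fingerprint; the function names are mine, and the live variant assumes curl and network access.

```shell
# Added example, not from the original thread: extract proxy evidence from
# an HTTP response header block. Assumes POSIX sh with sed, grep and tr.

# Read a response on stdin; print "product=... via=... cache=..." and
# return 0 if Via, X-Cache or a squid Server header is present, otherwise
# print "no proxy headers" and return 1.
proxy_evidence() {
    hdrs=$(tr -d '\r' | sed '/^$/q')             # headers only, CRLF stripped
    server=$(printf '%s\n' "$hdrs" | sed -n 's/^[Ss]erver: *//p')
    via=$(printf '%s\n' "$hdrs" | sed -n 's/^[Vv]ia: *//p')
    xcache=$(printf '%s\n' "$hdrs" | sed -n 's/^[Xx]-[Cc]ache: *//p')
    if [ -z "$via" ] && [ -z "$xcache" ] && ! printf '%s' "$server" | grep -qi squid; then
        echo "no proxy headers"
        return 1
    fi
    printf 'product=%s via=%s cache=%s\n' "${server:--}" "${via:--}" "${xcache:--}"
}

# Constructed sample: status line and headers taken from the nmap
# fingerprint on the page, body truncated.
SAMPLE_RESPONSE='HTTP/1.1 400 Bad Request
Server: squid/3.2.0.4-20110203
Mime-Version: 1.0
Date: Wed, 30 Mar 2011 09:37:20 GMT
Content-Type: text/html
Content-Length: 3234
X-Squid-Error: ERR_INVALID_REQ 0
Content-Language: en
X-Cache: MISS from Streamride
Via: 1.1 Streamride (squid/3.2.0.4-20110203)
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" ...'

# Offline run over the constructed sample.
sample_evidence() { printf '%s\n' "$SAMPLE_RESPONSE" | proxy_evidence; }

# Live run: fetch headers from any web server. --proxy '' ignores an
# http_proxy variable so only an in-path (transparent) proxy can show up.
live_evidence() { curl -sS --proxy '' -I "${1:?url}" | proxy_evidence; }
```

Calling `sample_evidence` prints the Squid product and the `Via: 1.1 Streamride` hop seen in the fingerprint; `live_evidence http://example.invalid/` does the same against a real server. A Via header naming a host you never configured means plain HTTP is being intercepted; HTTPS is not proxied this way, so a Via-free answer over TLS is the baseline to compare against.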