Announcement

**GreyGeek** · Aug 06, 2010, 12:42 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by zlow

....
By the way practically *NOBODY* leaves their computers "default" so this is just another of your stupid inaccurate arguments.

Did I say anyone did? You seem to be looking for a fight.

Your personal attacks are unnecessary. So is bringing your Windows attitude and thinking to a Linux environment.

**zlow** · Aug 06, 2010, 01:22 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by GreyGeek

Originally posted by zlow

....
By the way practically *NOBODY* leaves their computers "default" so this is just another of your stupid inaccurate arguments.

Did I say anyone did? You seem to be looking for a fight.

Your personal attacks are unnecessary. So is bringing your Windows attitude and thinking to a Linux environment.

You threw the stone GreyGeek, and now you are throwing more of them with your nonsensical argument that I somehow have a "Windows" attitude. You know nothing about me, yet here you are passing judgement. Perhaps you should step down off of your pedestal, and educate yourself in Linux security practices rather than spreading more bad information to people that look to you as a leader in this forum. Pretending that I am attacking you is pretty ridiculous, I suppose this is your way of trying to get rid of me though. Good luck, I'm not the bad guy here sitting in the threads and misinforming Linux users, that would be you sir.

**GreyGeek** · Aug 06, 2010, 03:00 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

I "threw the stone"?
You a remarked:

Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues

To which I responded without any personal reference to you, personally or otherwise, unless you believe that responding to your posts without agreeing with them is "throwing a stone".

You, however, made this your first sentence in your next post:

Please stop pretending to know what you are talking about when you obviously don't.

That, sir, is a stone. You threw it. You should refrain from Ad Hominem attacks.

**Ole Juul** · Aug 06, 2010, 05:51 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by zlow

Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues. Just as important, there are a number of packet injection attacks that iptables would normally block if enabled and configured to drop packets originating from the outside with internal addresses. A users IP would turns up with a simple nmap, and a simple arp reveals the MAC address.

http://en.wikipedia.org/wiki/Internet_protocol_spoofing

Yeah, I agree that wireshark isn't for beginners. It is a very powerful tool though, and extremely useful for inspecting and decoding traffic. You need to run it with root privs for it to be able to put your network interface in promiscuous mode. Wireshark uses libpcap, you can get a lot of the same data with 'sudo tcpdump -i eth0 -vvv -xxx -s0 -w outputfile' and then read it with vi. Wireshark ads value in that you can filter in realtime, decode streams, etc.

Well, I'm a beginner, but I could spend a bit of time with wireshark and learn something, it certainly looks like it has value. For now I'll stick to the command line because I can use examples and not have to read (and understand) the whole man page.

So I just tried nmap and issued the following: nmap -n -sP -oA nmapfile 192.168.1.0/24 For my little network I guess a file wasn't needed, lol, but anyway it got 6 out of 7 computers. Then since you suggested arp, I installed arp-scan (very cool!) and tried: sudo arp-scan --localnet That is very useful - thanks! However that only got 5 out of 7. I understand that it doesn't count the interface it's running from but the other missing machine is the same as the one missed by nmap. To me this hints at just how interesting DOS is for networking. At least to these tools it appears invisible. Lots of fun.

**PhilT** · Aug 07, 2010, 05:32 AM

Re: Is it possible for some hacker to get access to my modem and HUB?

I just noticed this thread and thought I'd follow Grey Geek's advice and run ShieldsUP! on grc.com.

I got an all green result indicating all ports closed, but the report said my security was still compromised because I'm still open to Ping Reply :-

Quote : Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Question. How do I set the router to ignore Ping requests? And, is that a good idea?

**GreyGeek** · Aug 07, 2010, 11:39 AM

Re: Is it possible for some hacker to get access to my modem and HUB?

Did you by change mess with ufw or sysctl.conf after your install?

There's a couple ways, if not more, to block echo replies.

Open a konsole.
kdesudo kwrite /etc/ufw/before.rules
Comment out this line:
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
so it looks like this:
# -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

Personally, I wouldn't do that one.

What I would do is issue
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1
in a konsole, which should block echo replys immediately, then retry ShieldsUp! to see if the Echo Reply fails. You should get a clean test.

To make it permanent edit the /etc/sysctl.conf file
kdesudo kwrite /etc/sysctl.conf
and add
net.ipv4.icmp_echo_ignore_all=1

And aside: the sysctl.conf file puts spaces around the "=" signs of commands that are commented out, but the active commands do not have spaces around the "=" sign so they are correct. If you edit the sysctl.conf file do a global replace on " = " with "=" before you save the file.

**skunk** · Aug 07, 2010, 12:11 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by PhilT

Question. How do I set the router to ignore Ping requests? And, is that a good idea?

There should be a checkbox somewhere in your router setup that lets you set whether the router should respond to pings. On my router it is located on the page called "WAN Interface Setup" and the option is called "Enable Ping Access on WAN".

I think its a very good idea to disable it.

**Ole Juul** · Aug 07, 2010, 01:26 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by PhilT

I just noticed this thread and thought I'd follow Grey Geek's advice and run ShieldsUP! on grc.com.
. . .

Question. How do I set the router to ignore Ping requests? And, is that a good idea?

I'm a little dubious about the usefulness of the ShieldsUP service. I just ran it again and it didn't tell me anything useful. One problem is that it picks the wrong IP. I'm not sure what's up with the Telnet server lecture either. Of course there's a telnet server! Every box from here to you has one so our ISPs don't have to get in the car and drive out to every remote location. It's the way the internet works. Frankly, I'm tired of hearing about it.

Regarding ping, there is a difference between not returning a ping and there being nothing there. If a host does not return a ping, you know that there is something there. It's the equivelant of "nobody here but us chickens" and doesn't really work.

However, if you get back "Destination Host Unreachable" then you don't know for sure if there is anything there or not.

**zlow** · Aug 07, 2010, 03:05 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Try playing around with the nmap options like -sS and ports above 1024. Another really good tool to play with is Nessus.

**zlow** · Aug 07, 2010, 03:10 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by GreyGeek

Please stop pretending to know what you are talking about when you obviously don't.

That, sir, is a stone. You threw it. You should refrain from Ad Hominem attacks.

That is not an ad hominem attack. Your later reply to a question about configuring a router by altering the desktops kernel parameter to disable ping makes it a fact.

As I said, step down from your pedistal and learn about Linux security before preaching it.

Do that, and well you won't see sharp replies from me.

[/quote]

**zlow** · Aug 07, 2010, 03:17 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

@Ole Juul - it is a better practice to drop icmp and tcp packets rather than rejecting, that is the site's 'stealth' mode. A determined hacker will scan for all 65535 ports, if you use upnp or forward any that person will find them. As long as there are no known vulnerabilities, and you are rejecting ingress traffic at your firewall there is little a malicious persson can do without resorting to social engineering.

**kubicle** · Aug 07, 2010, 09:47 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by zlow

it is a better practice to drop icmp and tcp packets rather than rejecting, that is the site's 'stealth' mode.

It can in some cases be a better practice (where server discovery is an issue), but one cannot "get in" through a closed port any more than a hidden one.

---
Firewalls are excellent tools, but they're not the be-all-end-all solutions to desktop/server security.

When installing a service that listens to outside traffic on a port (like a http-server), one normally wants to allow connections to it from everywhere (although there are exceptions), and secure configuration of the server is much more important than a firewall. And when not having listening services running, a firewall does rather little to increase safety.

Of course, users that don't know much about computers or servers, can almost always benefit from having a hardware/software firewall between them and the net as a safety net ("what's an ssh server, I think I'll install one just in case I ever need one")

**GreyGeek** · Aug 07, 2010, 11:12 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by zlow

...
Your later reply to a question about configuring a router by altering the desktops kernel parameter to disable ping makes it a fact.

....

Wow... I flat didn't see the word "router" in the question.

But, I don't consider myself to be on a "pedistal" or to be pontificating, any more than you consider yourself to be arrogant. Just trying to help the best I can.

**kyonides** · Aug 08, 2010, 01:03 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

Originally posted by GreyGeek

Originally posted by zlow

Originally posted by Ole Juul

....
I don't think Kubuntu installs a local firewall by default does it? Linux is pretty robust so I suppose one could get away without for a while but surely that would end in disaster.

Linux is pretty robust, but without a firewall any script kiddie can find his way in if there are open ports with unpatched issues
...

IPtables IS installed but no rules are set. However, the default configuration of Ubuntu, hence Kubuntu, is that ALL ports are closed. You can verify this by visiting ShieldsUp! and running that port scanner against your box. It should give you an all green board for all 1,056 ports it tests (the ports exposed to the Internet).

Because all ports are closed, even IF a script kiddie knew your IP address his attempts to create a connection would fail because, as I mentioned before, he couldn't get beyond first base because no port returns the SYN-ACK reply necessary to continue on to a complete 3-way handshake and connection. "Script Kiddies" be definition are those precocious kids without formal training who download some script or binary from a warez site and then attempt to use it against any computers they can, all for the "glory" of the bragg. Most of those kiddies are long gone. It's the professional thieves who are doing all the damage now, and they are doing it for money. Their attacks, as sophisiticated as they are, are a threat primarily only to Windows boxes. Despite their sophisition the only attack they are able to use against Linux, and it is difficult and marginally successful, is breaking into distros that don't close all their ports by default and running dictionary attacks against passwords. The largest Linux bot farm they have created to date contained only 700 machines after several months of trying. (Not every distro closes all their ports the way Ubuntu does, and not everyone uses good passwords). Considering that the Linux server share is well beyond 30% (60% on the Internet) and the desktop market share is beyond 12%, if Linux were as vulnerable as Windows one should expect to see an equal proportion of Linux zombies in bot farms. So, that 1,300,000 bot farm last year should have contained over 130,000 Linux zombies, but it contained NONE. Linux boxes are to hard to break into to be used as zombies. If a hacker does get a hold of one it is usually used as a control box.

Well, by running the ShieldsUp test while working on my Kubuntu, eh, I could get tired of looking at too many blue spots and just a couple of green ones...

**kyonides** · Aug 08, 2010, 08:52 PM

Re: Is it possible for some hacker to get access to my modem and HUB?

No matter if I know that no ping will get any info from my PC while running Kubuntu LL at least and having ufw in active status, I still get the same results from before I learned how vulnerable my ports were. What should I do now?

(Remember I'm still some kind of newbie...)