  #1  
Old 04-12-2007, 12:56 AM
damatta damatta is offline
Member
 
Join Date: Feb 2007
Posts: 42
Getting stealth with PF firewall?
Hiya,
as you might have noticed, I come from the Windows world.
I know not how to make my PC stealth, as I checked at grc.com and the report was:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.


Does PF work a little like the average Windows "firewalls" around? That is, filtering unsolicited traffic, adjusting open connections speed (to increase network performance), detecting typical network attacks such as flood, scans, ARP attacks, etc.
By the way, can I make Snort do all that easily?

Thanks in advance
  #2  
Old 04-12-2007, 03:15 AM
dracheflieger dracheflieger is offline
Senior Member
 
Join Date: May 2006
Location: Greater State of Northern Kaliforneea
Posts: 2,880
Look at your /etc/pf.inports file... those ports listed are the ones that are open. Comment out or add to, then reboot or, as root in a c/konsole, issue the command
Code:
/usr/local/etc/rc.d/pf_rules restart
I think it is ALTQ that allows network limiting as far as speed. And despite what something like Shields Up will suggest, this is one of the most secure OSes on the planet.
  #3  
Old 04-12-2007, 07:08 AM
antik antik is offline
Senior Member
 
Join Date: Jul 2005
Location: Estonia
Posts: 3,610
Re: Getting stealth with PF firewall?
Originally Posted by damatta
Thanks in advance
http://www.openbsd.org/faq/pf/
__________________
"All parts should go together without forcing. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1975
  #4  
Old 04-22-2007, 02:34 AM
damatta damatta is offline
Member
 
Join Date: Feb 2007
Posts: 42
Will what is in pf.conf overwrite my custom rules? I made some rules to block all ICMP and [SYN] requests to all ports, except those of eMule and BitTorrent.
Messenger spam, unrequested 'pings', port scans are hitting me very often! Even when I'm idling...
I know not what went wrong.
By the way: Does the default config in PF foil OS detection, common DOS, and other attacks?
Because I couldn't test it properly from the loopback interface, yet.
  #5  
Old 04-22-2007, 03:49 AM
dracheflieger dracheflieger is offline
Senior Member
 
Join Date: May 2006
Location: Greater State of Northern Kaliforneea
Posts: 2,880
KMenu -> Settings -> System Administration -> PC-BSD Services -> root password and Disable Startup PF Generator.
  #6  
Old 04-22-2007, 09:40 AM
antik antik is offline
Senior Member
 
Join Date: Jul 2005
Location: Estonia
Posts: 3,610
Originally Posted by damatta
Will what is in pf.conf overwrite my custom rules?
Edit the /usr/local/etc/rc.d/pf_rules file instead. It will regenerate your /etc/pf.conf on next boot. In case you want to add additional ports, add them to /etc/pf.inports. No need to edit your pf.conf anymore.
__________________
"All parts should go together without forcing. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1975
Reply With Quote
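Added example (not written by any poster and not the file PC-BSD generates): a minimal hand-written pf.conf for the rule set described in post #4, showing that `set block-policy drop` is what makes blocked ports report as "stealth" instead of "closed". The interface name and the eMule/BitTorrent port numbers are assumptions; as posts #5 and #6 say, the startup generator rewrites /etc/pf.conf at boot unless it is disabled.

```pf
# Constructed example. Interface name and port numbers are assumptions.
ext_if  = "em0"                   # assumption: external interface
p2p_tcp = "{ 4662, 6881:6889 }"   # assumption: client default TCP ports
p2p_udp = "{ 4672, 6881 }"        # assumption: client default UDP ports

# Options
# drop   : blocked packets get no answer at all ("stealth" in a scan report)
# return : blocked TCP gets a RST, blocked UDP an ICMP unreachable ("closed")
set block-policy drop
set skip on lo0                   # do not filter loopback traffic

# Normalization: reassemble fragments and clean up odd packets, which also
# takes away some of the quirks OS fingerprinting relies on
scrub in all

# Filtering: default deny inbound, including unsolicited ICMP echo requests.
# Blocked packets are logged to pflog0 for later review.
block in log on $ext_if all

# Outbound traffic creates state, so replies (TCP, UDP and related ICMP
# errors) come back in without needing an inbound pass rule.
pass out on $ext_if all keep state

# Inbound exceptions. A passed port is handed to the host, so it shows as
# "open" when the client is listening and "closed" (RST from the TCP stack)
# when it is not. Only blocked ports are silent.
pass in on $ext_if proto tcp from any to any port $p2p_tcp flags S/SA keep state
pass in on $ext_if proto udp from any to any port $p2p_udp keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm what is active with `pfctl -sr`.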
All times are GMT.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.