Subject: Blocking Ports Using Bastille
2005-09-09 - By Gavin Mellors - BCX SS
Hi

I have installed and configured Bastille as my firewall. All is well.

I would like to know what ports to block? How can I find out what ports are being used/abused?

My users are abusing internet usage by audio streaming, downloading large files off the net. This causes valid internet users to experience page timeouts, delays etc.

I would like to restrict this to after 14h00 every day. (Would I have to install Squid for this?)

The Network environment is all XP/98 machines. My Linux box serves POP3 and HTTPD pages and is the gateway to the internet for my internal network. It is multi-homed and uses NAT.

As I mentioned, Bastille is running. Following is an excerpt from my bastille-firewall.cfg file...

# TCP services on high ports that should be blocked if not forcing passive FTP
# This should include X (6000:6010) and anything else revealed by 'netstat -an'
# (this does not matter unless you're not forcing "passive" FTP)
#TCP_BLOCKED_SERVICES="6000:6020"
#
# UDP services to block: this should be UDP services on high ports.
# Your only vulnerability from public interfaces are the DNS and
# NTP servers/networks (those with 0.0.0.0 for DNS servers should
# obviously be very careful here!)
#UDP_BLOCKED_SERVICES="2049"
#
# types of ICMP packets to allow
#ICMP_ALLOWED_TYPES="destination-unreachable" # MINIMAL/SAFEST
# the following allows you to ping/traceroute outbound
#ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TCP_BLOCKED_SERVICES="2049 2065:2090 6000:6020 7100"
UDP_BLOCKED_SERVICES="2049 6770"
ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
......

Kind Regards,
Gavin Mellors
Gavin Mellors
Senior Field Services Engineer
Support Services
Office: +27 (0)39 695 0002
Mobile: +27 (0)82 5778675
Fax: +27 (0)39 695 0002
Email: gavin.mellors@(protected)
Web Site: www.bcx.co.za <http://www.bcx.co.za/>
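The question above asks which ports are actually in use and which ones the quoted Bastille configuration already blocks. The Python script below is an added example, not code from the original post or from the Bastille project: it parses the active TCP_BLOCKED_SERVICES and UDP_BLOCKED_SERVICES assignments from the excerpt above, expands the port ranges, and tallies the remote ports seen in a `netstat -an` listing so the busiest destination ports can be compared against what is already blocked. The function names are my own, and the netstat lines are a constructed sample (documentation addresses), not captured output.

```python
"""Compare the remote ports a gateway is talking to with the ports that a
bastille-firewall.cfg already blocks.

Added example: the config text is the poster's excerpt; the netstat
sample is constructed and the function names are assumptions."""
import re
from collections import Counter

# Active and commented-out assignments from the poster's excerpt.
BASTILLE_CFG = '''
#TCP_BLOCKED_SERVICES="6000:6020"
#UDP_BLOCKED_SERVICES="2049"
TCP_BLOCKED_SERVICES="2049 2065:2090 6000:6020 7100"
UDP_BLOCKED_SERVICES="2049 6770"
ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
'''

# Constructed sample of `netstat -an` output on a Linux gateway
# (remote addresses are RFC 5737 documentation ranges, not real hosts).
NETSTAT_SAMPLE = '''
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:1045        198.51.100.7:8000       ESTABLISHED
tcp        0      0 192.168.1.1:1046        198.51.100.7:8000       ESTABLISHED
tcp        0      0 192.168.1.1:1047        203.0.113.9:80          ESTABLISHED
tcp        0      0 192.168.1.1:1048        203.0.113.9:6770        ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 192.168.1.1:1049        203.0.113.9:6770
'''

# Only uncommented assignments count; Bastille requires them on one line.
CFG_RE = re.compile(r'^\s*(TCP|UDP)_BLOCKED_SERVICES="([^"]*)"')
# proto, recv-q, send-q, local addr:port, foreign addr:port (state optional)
NETSTAT_RE = re.compile(r'^(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)')


def parse_port_spec(spec):
    """Expand a Bastille port list such as "2049 2065:2090 7100" into a set."""
    ports = set()
    for item in spec.split():
        if ':' in item:
            lo, hi = item.split(':', 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports


def parse_bastille_cfg(text):
    """Return {'tcp': set, 'udp': set} of blocked ports from the active lines."""
    blocked = {'tcp': set(), 'udp': set()}
    for line in text.splitlines():
        m = CFG_RE.match(line)
        if m:
            blocked[m.group(1).lower()] = parse_port_spec(m.group(2))
    return blocked


def tally_remote_ports(netstat_text):
    """Count sockets by (proto, foreign port), skipping listeners and wildcards."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, _laddr, _lport, faddr, fport = m.groups()
        if fport == '*' or faddr == '0.0.0.0':
            continue
        counts[(proto, int(fport))] += 1
    return counts


def report(blocked, counts):
    """Rows of (proto, port, socket count, already blocked), busiest first."""
    return [(proto, port, n, port in blocked[proto])
            for (proto, port), n in counts.most_common()]


if __name__ == "__main__":
    rows = report(parse_bastille_cfg(BASTILLE_CFG), tally_remote_ports(NETSTAT_SAMPLE))
    for proto, port, n, is_blocked in rows:
        print(f"{proto}/{port:<5} {n:>3} sockets  {'blocked' if is_blocked else 'allowed'}")
```

One caveat for this setup: `netstat -an` on the gateway lists only the gateway's own sockets. Connections from the NATed XP/98 clients are handled by the kernel's connection tracking and do not appear there, so answering "which ports are my users using" needs the same tally fed from the connection-tracking table or from per-port iptables counters. Destination port is also a rough proxy for streaming, since much of it runs over port 80 alongside ordinary web browsing.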
--
Shrike-list mailing list
Shrike-list@(protected)
https://www.redhat.com/mailman/listinfo/shrike-list