[CLUE-Tech] proper setup of NAT

Russell Glissmann rglissmann at rfgsolutions.com
Tue Aug 3 08:58:32 MDT 2004


I don't think that this is particularly a hole, per se.  I've seen
scripts before that would reveal the internal address.  Check out this
site: http://reglos.de/myaddress/MyAddress.html.  This uses a Java
Applet to find the local address.  Seems like there is a way using
JavaScript also, but a cursory Google search didn't bring it up.

Russ

On Mon, 2004-08-02 at 22:55, Mike wrote:
> All,
> 
> The power supply on my firewall recently died so after replacing it I
> discovered that my firewall floppy disk was unreadable. I'm using Coyote
> Linux.  After remaking the firewall floppy, I had a little trouble
> getting the ports open that I wanted (22 and 25). So to debug this I did
> a port scan using the site at www.auditmypc.com. In addition to the open
> ports it returned this ominous sounding message:
> 
> 	Notice!, your natted (or real) IP address is 192.168.0.10.
> 	This information can be used to track your activities.   I
> 	should not be able to obtain this information if your security
> 	is properly configured!
> 
> Okay, so what do I need to change/add to my iptables so that my real IP
> address is hidden? And for background info, I know very little about
> iptables. I'm looking for an exact command ;). (I know I should learn
> more about iptables but so much to learn in Linux so little
> time...sigh...I thought I would be better off getting a ready-made
> firewall.)
> 
> 
> On another security note I've gotten a handful of these types of log
> messages:
> 
> Jul 30 21:20:06 xxx sshd[12529]: Illegal user test from 211.184.226.193
> Jul 30 21:20:18 xxx sshd[19500]: User guest not allowed because shell /dev/null is not executable
> 
> 
> So someone in China or Korea is trying to log into my machine that is
> behind the firewall. I have no user test on this system. I do have a
> guest account but as the log says the shell is /dev/null. What is the
> purpose of the guest account? Can I safely delete the guest account? Is
> there still a risk with user test even though I have no user test? In
> short, what should I check or change to make sure these knuckleheads
> don't get in? I recently ran chkrootkit and all was okay from that
> aspect. Anything else I should check to make sure this box hasn't been
> cracked?
> 
> Thanks for the help,
> 
> Mike