8Signs & Port Stealth

Discussion in 'other firewalls' started by Diver, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Guest

    I put CHX-I on my test box. I don't know what to think about it yet. It took me a while just to navigate around the thing. The sample rule set is loaded, but it does not make much sense right now. It is going to take a while to understand this baby.

    8Signs at least looks like a normal rules-based FW.
     
  2. Diver

    Diver Guest

    Another 8Signs question:

    Did any of you bother to make a more specific DHCP rule than the default one created by the wizard? The default looks broad enough to work in any situation. I managed to create some rules that work with my router. They look a bit strange because I needed a separate inbound UDP rule with the local address being 255.255.255.255 (remote is the router address) and an outbound rule that looks like a standard DHCP broadcast with the local being "My Address" and remote being 255.255.255.255. These came right out of the log. These work, but I wonder if this is a wasted effort, and whether just using the default rule with both endpoints being "Any Address" is safe enough?
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I wondered about the same thing. I've never really heard of any exploits using DHCP, but I suppose it's possible. In 8Signs at first I used "any" address, but then later tightened it up to use just my DHCP servers. I have a weird DHCP arrangement here. I don't really understand why, but I have 2 DHCP servers apparently (cable). Outbound requests go to 1 address, and the inbound replies come in from another address. I don't know if that's typical or not, but it's how my ISP works apparently.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    CHX-I takes some getting used to at first. Just make sure you have stateful inspection for TCP/UDP/ICMP turned ON via the Interface Properties menu. I think there's a .jpg showing the settings with the sample rules...
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Rule #xx: 'Permit Bootpc'
    Allow All Addresses [68] <-- {DHCP Servers} [67] (LF)

    Rule #xx: 'Permit Bootps'
    Allow All Addresses [68] --> 255.255.255.255/255.255.255.255 [67] (L)

    As Kerodo mentioned, you can end up with allowing more than one server. Logging the default rule for a time will help determine which servers your ISP is using. In your case, being behind a router would simplify this. An alternative is to use static IPs on the LAN, disable the DHCP server on the router and have no DHCP rules.

    Regards,

    CrazyM
     
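An added example, not from the thread and not 8Signs' own code: a small Python script that encodes and decodes the two DHCP messages the rules above have to permit (the client's DISCOVER, bootpc 68 to 255.255.255.255 bootps 67, and the server's OFFER coming back from 67 to 68) and then derives the tightened rule endpoints from a decoded reply. It shows why Diver's inbound rule needed a local address of 255.255.255.255 (the BROADCAST flag in the client's request, since the client has no address yet) and flags Kerodo's case, where the address the reply actually came from is not the server identifier inside the packet. The server address 192.168.1.1, client address 192.168.1.50, MAC address and transaction ID are constructed test values; the rule strings only imitate the `Allow ... [68] <-- ... [67]` notation in CrazyM's post, and the reply's source IP is passed in as a parameter because the script does not read the 8Signs log.

```python
"""Encode/decode minimal DHCP messages and derive tightened firewall rule endpoints.

Added example for the thread above; builder, parser and rule format are all
hypothetical helpers, not part of 8Signs.
"""
import socket
import struct

# RFC 2131 fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes
_HDR = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
CLIENT_PORT, SERVER_PORT = 68, 67  # bootpc / bootps, the ports in the rules above


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None, broadcast=True):
    """Encode a minimal DHCP message (hypothetical test builder, not a full client)."""
    flags = 0x8000 if broadcast else 0  # BROADCAST bit: server must reply to 255.255.255.255
    header = struct.pack(_HDR, op, 1, 6, 0, xid, 0, flags,
                         socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
                         b"\0" * 4, b"\0" * 4, mac.ljust(16, b"\0"),
                         b"\0" * 64, b"\0" * 128)
    options = MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id is not None:
        options += bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server_id)
    return header + options + bytes([OPT_END])


def parse_dhcp(data):
    """Decode the fixed header and TLV options; return the fields a rule needs."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(_HDR, data[:236])
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": fields[0],
        "xid": fields[4],
        "broadcast": bool(fields[6] & 0x8000),
        "yiaddr": socket.inet_ntoa(fields[8]),
        "msg_type": opts.get(OPT_MSG_TYPE, b"\0")[0],
        "server_id": socket.inet_ntoa(opts[OPT_SERVER_ID]) if OPT_SERVER_ID in opts else None,
    }


def derive_rules(reply_src_ip, reply):
    """Turn one observed DHCP reply into the two tightened rule endpoints.

    reply_src_ip is the remote address the firewall log showed on the inbound
    UDP 67 -> 68 packet. That, not the server identifier option, is what the
    inbound rule must permit; the two can differ when the ISP relays replies
    from a second address (Kerodo's case), so the result flags that too.
    """
    if reply["op"] != BOOTREPLY:
        raise ValueError("expected a server reply")
    # With the BROADCAST flag the reply is addressed to 255.255.255.255, which is
    # why the inbound rule's local endpoint is not the machine's own address.
    local = "255.255.255.255" if reply["broadcast"] else reply["yiaddr"]
    return {
        "inbound": f"Allow {local} [{CLIENT_PORT}] <-- {reply_src_ip} [{SERVER_PORT}]",
        "outbound": f"Allow My Address [{CLIENT_PORT}] --> 255.255.255.255 [{SERVER_PORT}]",
        "server_id_differs": reply["server_id"] not in (None, reply_src_ip),
    }


if __name__ == "__main__":
    mac = b"\x00\x11\x22\x33\x44\x55"  # constructed client MAC
    discover = parse_dhcp(build_dhcp(BOOTREQUEST, 0x1234, mac, DHCPDISCOVER))
    offer = parse_dhcp(build_dhcp(BOOTREPLY, 0x1234, mac, DHCPOFFER,
                                  yiaddr="192.168.1.50", server_id="192.168.1.1"))
    print("DISCOVER:", discover)
    print("OFFER:   ", offer)
    print("router case: ", derive_rules("192.168.1.1", offer))
    print("relayed case:", derive_rules("10.0.0.2", offer))  # source != server id
```

Run it and compare the `inbound` line from the router case with the rule Diver pulled from his log; the `relayed case` output is what a two-server ISP setup looks like, where only the address the reply really arrived from belongs in the rule.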