Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9231

Re: Changing network ports from closed to stealthed

From David <wibble@btintenet.com>
Newsgroups comp.sys.raspberry-pi
Subject Re: Changing network ports from closed to stealthed
Date 2015-07-31 10:51 +0000
Message-ID <d2128mFj3hiU8@mid.individual.net> (permalink)
References <d1vc4jFj3hiU7@mid.individual.net> <mpfchg$s6g$1@dont-email.me>

Show all headers | View raw


On Fri, 31 Jul 2015 09:46:02 +0100, druck wrote:

> On 30/07/2015 20:27, David wrote:
>> When I DMZ to my Pi (running a VPN server as a test) I can see all the
>> ports as "closed" apart from the VPN port. As I understand it the Pi is
>> sending a negative response to a request to open the port. This tells
>> the far end that there is a device there managing the ports, which is
>> an invitation to try again and expand the range of ports probed.
>>
>> I would like to tell the Pi to ignore all connection requests and
>> stealth the ports.
> 
> I wouldn't use the DMZ feature, as this exposes all the services you
> have running on the Pi to the internet, and you need to be absolutely
> sure you've configured tem all securely. Instead set the router up to
> forward just ssh to the Pi, and set up your ssh client to tunnel all the
> ports your are interested in via the Pi.
> 
> Make sure you configure ssh securely on the Pi, so only authorised
> non-root users can get on, there is plenty of information on the
> internet about how to do this. I have mine set up to only allow a
> special restricted gateway user to be logged on to using a 2048bit RSA
> key and not a password. If forwarding ports this is all that is
> required, if you want to get to a user account, you do an su from there.
> 
> If you forward the ssh port 22 on the router to port 22 on the Pi, you
> instantly see attempts to gain access in the /var/log/auth.log If
> instead you pick some random high number above 1000 on the router and
> forward that to port 22 on the Pi, you'll see far less attempts. Make
> sure you use this new port number with any ssh clients.
> 
> ---druck

Just to note that I am using PPTP and not ssh.

I may at some point move to OpenVPN (or a variant of same) but for initial 
minor use PPTP seems to work O.K.

I know it can be brute forced, but threat assessment suggests that 
allocating 24 hours of serious CPU time to break every PPTP instance 
visible world wide may be too expensive for the projected return.

I may well (as suggested) remove the DMZ configuration and just forward 
one port instead. Firewall rules could also restrict the IP address ranges 
which would be allowed to connect. My TUIT is far from round ATM, 
unfortunately.

Oh, and if the configuration is set to forward all incoming VPN 
connections back out to the Internet, presumably there is no simple way 
for someone connected via the VPN to access the internal LAN?

Thanks to all.

Dave R

-- 
Windows 8.1 on PCSpecialist box

Back to comp.sys.raspberry-pi | Previous | NextPrevious in thread | Find similar | Unroll thread


Thread

Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
  Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
      Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
        Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
          Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
          Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
            Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
            Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
          Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
  Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
    Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
      Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
        Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
          Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
              Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
              Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
          Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
            Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
            Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
            Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
  Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
    Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
      Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000

csiph-web