Solved

Firewall/Configuration

Posted on 2001-08-09
Last Modified: 2013-12-19
We have an NT/SBS network using local IP addressing (10.0.0.?) and a Pipeline 75 ISDN router with built-in firewall giving us 24-hour internet access.
In spite of using NAT and having the firewall supposedly not allowing inbound WWW traffic, it appears we acquired CODE RED.  I d/l the patch and the symptoms of infection went away.
We don't have any need for anyone to come in to our system from outside (no OWA, no web hosting, etc).
Does anyone have experience in configuring the firewall on this router?  Can you make some suggestions for keeping people out while not hindering people from getting out?
Question by:slink9
36 Comments
 
LVL 11

Expert Comment

by:geoffryn
ID: 6368507
Have you done a scan of your network from the outside?  Is HTTP open?  Does the Proxy part of SBS actually have a real address on it or is the Ascend doing NAT?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6368572
Do you need to run IIS? If not, turn it off, along with any other unused services.
First rule of Microsoft, disable ALL unused services !!
The default installs so much unused junk !!

I hope this helps !
0
 
LVL 23

Author Comment

by:slink9
ID: 6368582
The Pipeline is doing the NAT.  The local addresses are 10.0.0.? handled by SBS.
I have never done much on security (which could be why we ended up with this thing in the first place) since I thought there was no way in because of the config of the network.  I guess I know differently now.
Can you post some links that provide beginner guidance on scanning from the outside, what ports to check, etc?
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 200 total points
ID: 6368638
http://www.cert.org/tech_tips/home_networks.html Firewall and security for home and offices
Test firewall ports and port blocking http://grc.com/

I hope this helps !
0
 
LVL 23

Author Comment

by:slink9
ID: 6368671
We have an intranet which uses IIS.  I have SQL Server enabled and plan to eventually use it, but we have a dual P2/400 with 512 meg in it so performance is not an issue.  I will try that site and report back.
0
 
LVL 23

Author Comment

by:slink9
ID: 6369232
Okay.  Port 80 is open according to that web site.
I can't find out how to close it using either the SCM Connect Manager software or the Pipeline Console.  Who would happen to know how to close it on a Pipeline 50 or 75?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6369279
This tells you how to turn the port mapping on; you should be able to disable it the same way.

https://support.lucent.com/cgi-bin/gx.cgi/GUIDGX-{6949ce8f-d22f-11d2-a303-00c04f72f8ac}/Product/pipe75/General/Technical_Notes/plco0032.html
0
 
LVL 23

Author Comment

by:slink9
ID: 6369323
It didn't load.  Can you post a synopsis?
0
 
LVL 23

Author Comment

by:slink9
ID: 6369399
I found something about enabling port 80.  It didn't say anything about inbound versus outbound.  I am about ready to call in the pros on this one just to get it done.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6369490
Telnet or Console into the Ascend.  Then.

Configure Static Mappings for a Web Server

Go to the following menus and make the selections indicated below:
Main Edit Menu
Ethernet
NAT...
Static Mappings
Static Map 02
Valid = Yes
Dst Port # = 80  (enter the port number based on what traffic you want to allow through. Port 80 is World Wide Web access)
Protocol = TCP  (possibly UDP or TCP, depending on port #)
Loc Port # = 80  (same as the Dst port)
Loc Address = 192.168.100.102/24  (IP address of the web server on the private network)

You should be able to delete the static mapping for port 80 in the static mappings.

0
 
LVL 23

Author Comment

by:slink9
ID: 6369499
That is the same info I had found.  There is nothing there enabling it.  It's apparently enabled by default.  I thought I could leave it as NO and put in Port 80 to disable it.  That didn't go, either.  Next suggestion ...
0
 
LVL 23

Author Comment

by:slink9
ID: 6369533
What I had found was at http://www.stic.net/TECH/ISDN/lucentPipelineAdvancedNAT.html.  It is the same, right?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6369543
How could it forward to your web server without an entry?  How would it know which IP to forward to?  Any chance you could send me the ip at geoffryn@qwest.net?
0
 
LVL 23

Author Comment

by:slink9
ID: 6369694
I had rather not send the IP address.  We have had enough problems so far.  I have passed this on to one of our local computer techs.  Maybe he can figure out how to fix it.  The interesting thing is that TELNET, pop3 and some other functions have been turned off.  I wish I knew how they got turned off.  Maybe I could turn off incoming HTTP also.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6370066
By default if you are using NAT, there should be no services allowed inbound.  Someone had to configure this. Did you set up the Ascend?
0
 
LVL 23

Author Comment

by:slink9
ID: 6370418
My tech contact finally showed me the right setting.  It is one or two levels up above the settings I was already looking at.  That is a setting that I believe I made under the tutelage of one of the ascend techs.  I will make the change tomorrow morning and see if it works.  If so, I will request a points split on this question.  That only leaves me with 25 points, but more will be coming soon.
0
 
LVL 23

Author Comment

by:slink9
ID: 6373250
Actually the tech showed me the same link.  He doesn't know how to fix this either.  I was thinking that I could use the redirect (which is not set up now) to send it to a non-existent port, but grc.com still says that I have port 80 open.  Any more ideas?
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6373821
Is it redirecting to your IIS server?  Where is it going?
0
 
LVL 23

Author Comment

by:slink9
ID: 6373924
It is automatically redirecting to the IIS server when the ip address is entered in a web browser.  It was when I had nothing in the redirect section and the 10.0.0 address of the server in the Def Server spot.
I don't know if it is still doing that but the web site tells me that port 80 is open.  I can't visit that ip address because it is the source IP address.  I will try that from home if I can remember to.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6373950
A decent port scanner should be able to tell you if the port is open on IIS or Apache or some hardware based HTTP server.
0
 
LVL 23

Author Comment

by:slink9
ID: 6373962
Hardware or software?  If software can you give me a link?  I had found some shareware before I got called away to do something else.  I will take a look again and see what I can find.
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6374021
Software is fine.  I like SuperScanner.  You can find it at www.foundstone.com
0
 
LVL 23

Author Comment

by:slink9
ID: 6374080
I saw FoundScan but that is a service that they offer for a fee.  I am trying to find something which is either freeware, shareware, or that I can purchase for a one-time fee.  I downloaded a program called Port Detective but it won't connect to their servers, therefore it won't run.  Any other suggestions?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6374115
Here's one that's free.


 SNORT:
 http://www.w2knews.com/rd/rd.cfm?id=052101TB-SNORT


I hope this helps !
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6374121
Also

Linux security software: Nmap also has an NT version !!

 - nmap (www.insecure.org/nmap) lets you scan for vulnerabilities on a network. Also get nmapfe (X front end for nmap)

I  hope this helps !
0
 
LVL 11

Expert Comment

by:geoffryn
ID: 6374124
0
 
LVL 23

Author Comment

by:slink9
ID: 6374146
I was unable to find an NT version of NMap.  Do you have a direct link to it?
0
 
LVL 23

Author Comment

by:slink9
ID: 6374159
I like SuperScan also.  I scanned our local server IP address and it verified that port 80 is open.  It doesn't matter that it is open if our router won't let anyone reach it, though.  I am going to try to get in from home this weekend.  I also came across the docs for the Pipeline so I will look through them this weekend if I can and try to find out how to turn off that port.  Thanks.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6374172
Sorry- You have to compile it yourself for win32 !!

see :

http://www.insecure.org/nmap/nmap_portability.html

I'll keep on looking !
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 6374242
Here we go,
http://www.gfi.com/languard/lantools-ps.htm
http://www.jpsoft.dk/uk/freeware.html  Local port scanner and other nice utilities

That should help you !
0
 
LVL 56

Expert Comment

by:andyalder
ID: 6375281
Bear in mind that lots of these routers have IIS imbedded within them for management so the router can get infected with Code Red II and then infect the internal hosts without any forwarding setup to internal hosts.

 www.nwfusion.com/news/2001/0808codereddsl.html
0
 
LVL 56

Expert Comment

by:andyalder
ID: 6379420
If you telnet to it on port 80 and press return a couple of times you might get an error message telling you what OS/webserver combination is listening to that port, or http://www.netcraft.com/sslwhats/ can tell you if you enter <IP address>:80 .
0
 
LVL 23

Author Comment

by:slink9
ID: 6379470
No imbedded IIS.  I have a good program for looking at the ports, but still haven't found a way to stop port 80 at the router.  I looked over the docs this weekend and didn't see any helpful suggestions.  The question still remains - how do I close port 80 at the router?  I want outgoing but no incoming.  Is other software required?  Does anyone out there have an "in" with Lucent who can find this out?
0
 
LVL 23

Author Comment

by:slink9
ID: 6383781
I finally found it.  It was a rather easy fix.
In the User's Guide there is a section called SETTING UP PIPELINE SECURITY.  Imagine that.
grc.com now reports all ports as stealth.  I changed

Ethernet > Answer Profile
Profile Reqd = Yes

Outgoing does not appear to be affected while there should be no incoming capabilities.  I still won't give the IP address because that is just a challenge to get around this security.  Thanks for the help.

I am going to request a points split between Sysexpert and geoffryn.
0
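The outside check this thread keeps returning to (is port 80 open, closed, or "stealth" as grc.com calls it, and what web server answers on it) can be scripted. The following is an added example, not part of any post above; the function names are hypothetical, and it has to be run from a machine outside the network against your own public address, since a check from behind the router cannot see the inbound path.

```python
import socket
import sys


def parse_server(raw):
    """Return the value of the HTTP Server header in a raw response, or None."""
    for line in raw.split(b"\r\n")[1:]:      # skip the status line
        if not line:                          # blank line ends the headers
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def check_port(host, port=80, timeout=3.0):
    """Classify a TCP port as an outside host sees it.

    Returns (state, server). state is 'open', 'closed' (connection
    refused), 'stealth' (no reply before the timeout) or 'unreachable'
    (any other network error). server is the HTTP Server header when
    the port is open and answers HTTP, otherwise None.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None
    except socket.timeout:
        return "stealth", None
    except OSError:
        return "unreachable", None

    data = b""
    with sock:
        try:
            # Same idea as telnetting to port 80 and pressing return.
            sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            while b"\r\n\r\n" not in data and len(data) < 8192:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                              # open, but it did not speak HTTP
    return "open", parse_server(data)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(check_port(target, int(sys.argv[2]) if len(sys.argv) > 2 else 80))
```

A result of `open` with a Server value shows which web server the router is actually handing inbound connections to; `stealth` matches what grc.com reported after the Answer Profile change.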
 
LVL 3

Expert Comment

by:modder
ID: 6383842
Hi slink,

I've reduced the points to 50 but I think you know how it works so I won't post the whole manual here...... happy point-splitting.... :-)

modder
Community Support Admin
0
 
LVL 23

Author Comment

by:slink9
ID: 6383933
Look for points split entry, geoffryn
0
