Internet security question

[AmigaMance]

 I have an Amiga 1200. I go online using miami and a 56k modem without a firewall etc.
Lets say that using the "MiamiNetStat -a" command i find out that i have an unwanted open port. How do i close this port? I know that i can log-out, enter the miami preferences and block out the IP, but how can i do it on-the-fly?
 Also, how can i tell that someone is scanning my ports?

[Piru]

Lets say that using the "MiamiNetStat -a" command i find out that i have an unwanted open port. How do i close this port?

Disable the service(s) from the Network Database, Services page.

I know that i can log-out, enter the miami preferences and block out the IP, but how can i do it on-the-fly?

Blocking IPs is not smart. Better just disable all the unneeded services.

Also, how can i tell that someone is scanning my ports?

You can't.

[mr_a500]

Here's an excerpt from the Amiga 'Nukes' document:

    If you see a lovely  *.1599 port  you have been struck.

    It allows a telnet session to connect on that port to your computer.  This
    means a few nasty things can be done. they have access to your systems
    Storage devices..

    To block it...

    those of you running Miami, do this:
     go to 'Databases' menu
     go to 'Services' sub menu
     in that section 'Add' an entry
     in this entry type the following:
     for Name put in: 'DCHack'
     for ID put in '1599'
     for protocol type: 'tcp'
     then go to the submenu called 'IP Filter'
     click on Add'
     in Protocol type '*'
     in Service type 'DCHack'
     in host type '*.*.*.*'
     leave Mask blank
     in Access type 'n'
     in Log type 'y'
     save settings

     This will let you know if anyone attempts to use your HDs/storage mediums.

     ...

How do you avoid the Amiga Nuke???

    By preventing access to the CHARGEN service on your system.
    (Who needs it anyway???)

    I have the following setup in Miami:
    (From the miami screen, select "Databases", and the "IP FILTER" tab)

    TEMP  Protocol  Service  Host     Mask  Allow  Log
1         *         19       *.*.*.*        N      Y
2         *         139      *.*.*.*        N      Y
3         *         *        127.0.0.1      Y      N
4         TCP       AUTH     *.*.*.*        Y      N
5         *         *        *.*.*.*        Y      Y
6         *         $        *.*.*.*        Y      N

[Piru]

@mr_a500

This will let you know if anyone attempts to use your HDs/storage mediums.

If someone is really probing things he'll use stealth scans (SYN, TCP null, FIN, Xmas). These will not show up.

[AmigaMance]

@mr_a500
 Yeap, i'm using these settings ;-)

@piru

 Lets say that using the "MiamiNetStat -a" command i find out that i have an unwanted open port. How do i close this port?

 Disable the service(s) from the Network Database, Services page.

This can be done without the need to log-out and redial? and what if i need these services? I assume that there is no simple way to just close that port?

[Piru]

This can be done without the need to log-out and redial?

Disable all the services except identd (auth). Click Save. Should work without redial.

and what if i need these services?

You don't. If you need something temporarily, enable it and click Use. If you need to set up FTP then you likely want to allow it for LAN ip ranges though.

I assume that there is no simple way to just close that port?

Disable the service. Click save.


[EDIT]Or was it: Close the window for 'use', select Save as default from menu to 'Save'? Been a while I used Miami...[/EDIT]

[AmigaMance]

 @Piru
 Ok, thanks.
It's disable the service, click "Ok" and select "save" or "save as default" from the 2nd menu. :-)

[mr_a500]

If someone is really probing things he'll use stealth scans (SYN, TCP null, FIN, Xmas). These will not show up.

That sounds scary. So someone can actually scan an Amiga HD if you're connected? I thought this sort of thing could only happen if the OS supported it - like Windows with all its "remote control features". What sort of things can someone do on an Amiga running WB 3.1 and Miami?

[Piru]

@mr_a500

No it means that they can tell if the port is open without Miami reporting about the scan. They can't browse anything with stealth scan.

To browse the files a real connection must be established, and this will show up.

[Floid]

Cisco are masters of making the simple complex, but this wins on title alone:

Introduction to Internet


See also their Internet Protocols document, and anything else discussing subjects of interest, like the original IP and TCP Requests For Comment.

[koaftder]

Piru wrote:
@mr_a500

This will let you know if anyone attempts to use your HDs/storage mediums.

If someone is really probing things he'll use stealth scans (SYN, TCP null, FIN, Xmas). These will not show up.

He could always run snort on another machine, then he would see the scans...

[Piru]

@koaftder

He could always run snort on another machine, then he would see the scans...

Sure, but then he'd need to have the modem connected to that 2nd machine and redirect the internet connection to the miggy. A bit cumbersome, but sure, doable.