Dev1 Galaxy Forum / UFW Rules: Can anyone confirm this?

Re: UFW Rules: Can anyone confirm this?

dummy@example.com (ralph.ronnquist) — Mon, 02 Oct 2017 21:20:17 +0000

To be clear, ICMP is a protocol and not a port; it's the Internet Control Message Protocol, whereby routers may exchange meta-data about IP level connectivity. There are several networking protocols to consider, both within the IP class (such as in particular TCP and UDP), and outside the IP class (in a range of varying obscurity).

As said before, there is no such thing as "invisible" on the Internet, short of not being connected at all. But there is a gray scale of "protection layers" of setting blockages for certain network traffic, depending on how you want your host to handle it. I'.e., like the rules you showed on top, which indeed tells the host to drop certain incoming ICMP packets, rather than deliver them to their normal handling (by the kernel). I think you'd do well in dropping IGMP as well, and then consider blocks for TCP and UDP messaging, which offer the majority of intentionally harmful networking.

Re: UFW Rules: Can anyone confirm this?

dummy@example.com (JoshuaFlynn) — Mon, 02 Oct 2017 12:37:46 +0000

Those specific rules, to my knowledge, block the ICMP port (something that, strangely, you can't block using the graphical front end of GUFW), which means your computer would be invisible in the sense of replying to pings, but that's only on the ICMP port.

If your computer 'reaches out' via some other port, then it won't be entirely invisible, likewise if there are any ports that are open or explicitly give rejection messages (as opposed to simply dropping them).

If you want to determine how 'quiet' your machine is, from an external machine (there are some limited capacity sites that offer this) you will want to try to use nmap to do a full blown port scan coupled with an OS detection attempt on your given external IP.

If nmap detects any services, ports in use, or is able to guess it's OS (with reasonable accuracy), then it's not 'quiet' (I use 'quiet' to distinguish from 'invisible' because nothing is truly invisible, even airgapped networks can be penetrated). Naturally, if you connect to any web service then that service knows you're active. Even if your system is 'quiet' a Trojan or backdoor could still 'leak' information out.

It's also worth noting that even if your own machine is 'quiet', your router might not be.

Regardless, it's a good idea to keep the ping reply 'quiet' on a system, because part of avoiding an attack is not letting an attacker know there is something there to be attacked.

Re: UFW Rules: Can anyone confirm this?

dummy@example.com (MiyoLinux) — Sat, 30 Sep 2017 00:46:43 +0000

Thanks Racoton.

Re: UFW Rules: Can anyone confirm this?

dummy@example.com (Racoton) — Fri, 29 Sep 2017 21:34:53 +0000

"Completely invisible" there is nothing connected to a network. If you use those rules and for example do not block arp queries, your machine will not be "invisible" to the curious and resourceful minds.

UFW Rules: Can anyone confirm this?

dummy@example.com (MiyoLinux) — Fri, 29 Sep 2017 14:43:02 +0000

I read that someone entered these rules for UFW, and it resulted in their computer being completely invisible on the internet. I'm wondering if someone more familiar with UFW rules (than I am) can confirm this. Here are the before.rules that they listed...

    -A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
    -A ufw-before-input -p icmp --icmp-type source-quench -j DROP
    -A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
    -A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
    -A ufw-before-input -p icmp --icmp-type echo-request -j DROP