"Stealth up" port 80
# 1  
Old 08-12-2010
"Stealth up" port 80

iptables - stealth port 80

This is how I set up my iptables. It's basic, easy and simple, but it suits my needs.

Code:
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -j DROP

What I'm not happy with yet is port 80. At the "stealth up" test, it is shown as closed. I would rather prefer it to be stealth. I know most people advocate that closed or stealth is equally secure. I wouldn't argue with that. It's just that, if there's no difference, then my preference is to have it shown as stealth.

Now, I'm quite new to Linux and don't have a clue about getting that change done. I tried to search for a solution here in the forums, but got 4 pages of results... and also tried earlier to google it, with no success.

Any help would be much appreciated.

# 2  
Old 08-12-2010
First, what's the "Stealth Up" test? Never heard of it.
Second, how can Port 80 show up "closed" if it's explicitly opened (line 3)?
Third, unless this is your home box I'd leave the SSH port open, too.
# 3  
Old 08-12-2010
"Shields up" port 80

Quote:
Originally Posted by pludi
First, what's the "Stealth Up" test? Never heard of it.
Second, how can Port 80 show up "closed" if it's explicitly opened (line 3)?
Third, unless this is your home box I'd leave the SSH port open, too.
You are totally right. There are some typos in my post.

"First, what's the "Stealth Up" test? Never heard of it."
What I meant is a test under (or linked by) "grc dot com". They call it the "Shields up!" One of the services they offer, as per the user's choice, is a scan of "all service ports" under the IP number of that user. Ok. I'm sure you got it now.

Following my IP number "being carefully examined", from ports 0 to 1055, the results were: "Failed"

because:
1 - "Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active"

BUT:
2 - "Unsolicited Packets: PASSED - No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)."
3 - "Ping Echo: PASSED - Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server."

AND
This is the written report from the test:
GRC Port Authority Report created on UTC: 2010-08-13 at 02:17:11
Results from scan of ports: 0-1055
0 Ports Open
1 Ports Closed
1055 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
The port found to be CLOSED was: 80
Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

SO...
As per the above written report, I hope it's clear now why I would like to find a way to have port nº 80 shown as "stealth" (of course, if possible and still keeping the possibility to surf the net).
Do you think it is better not to care about these people at "grc" and try to find a better way to assure that my system is hardened enough?


ps: pludi: regarding port 80, yes, this is my home box.
# 4  
Old 08-13-2010
OK, for surfing you don't need to open port 80/TCP incoming. The system will choose a random high port (>1024) for communication going out to the HTTP port, and others. Besides, hardening a system doesn't stop at configuring your firewall.

As for that site: I wouldn't trust them further than I could throw them.
  • Their freeware for Windows is just a collection of registry fixes or disabling services (which is easy to do yourself).
  • Their main product, SpinRite, was reviewed by an MBA, which doesn't exactly fill me with confidence that he grasped the finer points of data recovery.
  • The product description itself makes me doubt they grasped the concept of magnetic storage (in case anyone of them reads this: ever heard of CRC?)
  • In their "research" about NAT they claim that NAT adds security to a network because it hides the IPs behind it, which is, excuse my language, BS.
# 5  
Old 08-13-2010
pludi, thanks a lot for your answer. What you've said about that site is in line with a few bits and pieces I had read here and there. Anyway, I thought the above mentioned test was accurate, although it seemed to me that the conclusion, comparing the graphic result to the written report, was contradictory.

As you said, I understand that "hardening a system doesn't stop at configuring your firewall". The code I used for my firewall is a very basic one, taken somewhere from an Ubuntu wiki for beginners.
Linux hardening is a vast subject that I've been trying to get through, but I'm aware that I'm still far from having it all.

Just before closing this thread, or marking it "solved", would you recommend, just for surfing, that I eliminate the code that is closing port 80, and do nothing else, regarding this firewall?

# 6  
Old 08-13-2010
For firewall configuration, you can use the ufw utility, as described here. Other than that, you only need to allow incoming connections that are to services running on your local box, or that are related to an existing connection (by using the conntrack module as in your script).
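To make the reasoning in posts #4 and #6 concrete, here is a small model of the poster's INPUT chain (added example, not code from the thread or from the iptables project). It walks the chain for an unsolicited SYN with and without the port-80 ACCEPT rule, maps the kernel's reply to the GRC wording (SYN-ACK = OPEN, RST = CLOSED, no reply = STEALTH), and checks that return traffic for a browser connection still passes via the ESTABLISHED rule. Interface names, the high port and the rule encoding are constructed for the model.

```python
"""Model of the thread's INPUT chain: why port 80 reports CLOSED with the
original rules (ACCEPT but no listener, so the kernel sends RST) and STEALTH
once the port-80 ACCEPT is removed (the final DROP swallows the SYN)."""

# Constructed rulesets: the poster's original chain, and the same chain
# without "iptables -A INPUT -p tcp --dport 80 -j ACCEPT".
ORIGINAL = [
    {"in": "lo", "target": "ACCEPT"},
    {"ctstate": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"target": "DROP"},
]
HARDENED = [r for r in ORIGINAL if r.get("dport") != 80]


def input_chain(rules, pkt):
    """Walk the chain top to bottom; the first matching rule decides.
    If nothing matches, the chain policy applies (ACCEPT, as iptables defaults to)."""
    for rule in rules:
        if "in" in rule and rule["in"] != pkt["in"]:
            continue
        if "ctstate" in rule and pkt["ctstate"] not in rule["ctstate"]:
            continue
        if "proto" in rule and rule["proto"] != pkt["proto"]:
            continue
        if "dport" in rule and rule["dport"] != pkt["dport"]:
            continue
        return rule["target"]
    return "ACCEPT"


def scanner_verdict(rules, port, listening):
    """What an external SYN probe to `port` observes, given whether a service listens there."""
    pkt = {"in": "eth0", "proto": "tcp", "dport": port, "ctstate": "NEW"}  # unsolicited SYN
    if input_chain(rules, pkt) == "DROP":
        return "STEALTH"                           # silently discarded, no reply at all
    return "OPEN" if listening else "CLOSED"       # kernel answers SYN-ACK or RST


def browsing_reply_allowed(rules):
    """Return packets for a connection this box opened itself arrive on a random
    high port and are marked ESTABLISHED by conntrack, so no port-80 rule is needed."""
    pkt = {"in": "eth0", "proto": "tcp", "dport": 41234, "ctstate": "ESTABLISHED"}
    return input_chain(rules, pkt) == "ACCEPT"


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("hardened", HARDENED)):
        print(f"{name}: port 80 -> {scanner_verdict(rules, 80, listening=False)}, "
              f"browsing reply allowed -> {browsing_reply_allowed(rules)}")
```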
# 7  
Old 08-13-2010
Ok, thanks. I'll have a look at both, and in the meanwhile will carry on learning a bit more about this Linux security "world".