
Re: [ProgSoc] port scanning, mapping, and hiding



From: jedd <jedd@nospam.progsoc.uts.edu.au>
Send reply to: jedd@nospam.progsoc.uts.edu.au
Organization: Barely Organised
To: ProgSoc <progsoc@nospam.progsoc.uts.edu.au>
Subject: [ProgSoc] port scanning, mapping, and hiding
Date sent: Sat, 20 May 2000 16:46:39 +1000
Forwarded by: progsoc@nospam.progsoc.uts.edu.au
Date forwarded: Sat, 20 May 2000 16:11:20 +1000

I've got O@H installed over a month ago and I haven't had a serious problem related to my setup (a bunch of win98/win2k machines running through a masqueraded linux box).

> Howdi,
>
> I'm about to get Optus@Home installed (woo woo!), but was
> a wee bit disturbed at the hard-word they laid on during the
> registration process. Apart from the obvious things they're
> scared of (real operating systems, PC's made before 1999,
> purple iMacs, etc) .. they made it quite clear that if the tech,
> when they came out to do the install, found any trace of a
> network, they'd walk out the door.

They never said anything along those lines to me. I even told them that I wanted to install it as a shared connection. The techs that installed the modem and cable want to install it on a win9x or mac machine. But after that, they couldn't care less what I did (they even wished me good luck with getting it working under linux).

> Since I actually do want 1990's quality connectivity to the
> net, I assured them I was running Win95, and didn't know
> what they meant by the word 'network', yadda yadda. And
> when the tech comes, that's what she'll find. But .. some
> questions, in part at anyone who already has optus@home.
>
> Is it within the AUP to fiddle with port-scanning from ftoomsh
> to my machine thru the ZIP network, say? I'd be doing it
> specifically to my IP address -- with the sole purpose of
> ensuring that my linux box looks a lot less smart than it really is.

I think that's completely within your rights (the words "port" and "scan" don't exist in the AUP).

>
> If so, what tools are good / allowable / user-level-runnable,
> from ftoomsh (or elsewhere on progsoc machines) to do this
> kind of portscanning?

There is a web-based port scanner available here:
https://grc.com/x/ne.dll?bh0bkyd2
It's pretty limited, but it is free.

>
> Is anyone between progsoc.uts.edu.au and the .zipworld.com.au
> domains going to be monitoring / likely to get shirty / etc?

I doubt anyone is going to care about a simple port scan. It's probably not a good idea to probe above port 1500 though, there's very rarely anything up there, so you're just wasting your time.

>
> How legally <speculative> binding is it for a company to provide
> a service that prohibits you from utilising an alternative operating
> system, at some point in the future. I mean - where does their
> service stop, and my property / responsibility start?

I don't think Optus can take the service away from you simply because you have the modem attached to a linux box. But I'm not 100% sure of the legal mumbo-jumbo in that area.

>
> For anyone that's been thru this process, how much trace-removal
> do I need to do from the win95 box? Obviously, network card
> goes, mapped drive letters go, etc .. but there's still going to be
> the occasional reference on the day, I'm sure, hidden in the registry.
> Are they likely to check this kind of thing? <paranoid>
>
> I didn't want to ask them on the phone, in case I got a black mark
> against my virtual name, but I'm curious what theirs (and Telstra's)
> solution is for households that have two people that want to use
> the net at the same time. Or for households where two computers
> are hooked up purely for the purpose of playing Quake, say.

Use some form of NAT/proxy server (or both) on the machine that's physically connected (I have a friend that is using an NT4.0 box as a NAT/proxy server). So long as you don't occupy lots of bandwidth, they probably won't notice or care.

Optus is most concerned with people setting up web/ftp servers on a cable modem (which is why they explicitly say that you can't in their AUP). Two people playing quake on a single connection will definitely flood your narrow (128-160kb/s) upstream connection.

>
> Murray posted a URL a while ago (http://metrak.com/OaH/OaH-Linux.html)
> that covers the dhcpd / eth0 & 1 configuration stuff -- but doesn't
> touch on the port hiding / dodging aspects. Does anyone have some
> documentation on this -- not just using portmap to hide everything,
> but (a la www.microsoft.com and apache ;) modifying some apps to return
> the kinds of responses down different ports that you'd expect Win9x to do.
> (Is this kind of preparation even likely to be useful / necessary?)

Apparently, the port scans that Optus do come from the 203.164.1.xxx subnet. My linux box blocks all connections from that subnet to http/ftp/telnet ports (these are the services I'm running). That's about the extent of my precautions, except for having the finger port trigger a system log entry.

Check out the "ipchains-HOWTO" file and this link for more help on firewalling:
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

I would say that making the linux box look like a windows box is too much hard work and not really necessary. Optus will complain if they find a web server running on your computer one way or the other.

>
> Note that I don't want to actually serve anything, or even run something
> as harmless as smtp out from the box .. I just don't want to have to
> dial-up to the net, concurrently, just so my flatmate and I can both read
> our mail at the same time.

This might be relevant:
----
8.5. You may not run network services or provide network services to others via the Optus@Home residential service. The use of a Local Area Network (LAN) for personal use is permitted. The Optus@Home residential service includes personal WebSpace accounts for publishing personal web pages. Examples of prohibited use include, but are not limited to, providing network services for e-mail, http, ftp, irc, dhcp or multi-user interactive forums.
----
----
The way I read this, you can share the connection within your house for private use only. You are not allowed to set up any network services at all.
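
The subnet filter and logged finger port described in the reply above, written out as ipchains rules. This is an added example, not the poster's actual ruleset: the 203.164.1.0/24 reading of "203.164.1.xxx", the eth0 cable-side interface, and denying (rather than just logging) finger are assumptions.

```shell
#!/bin/sh
# Added example. Prints ipchains commands for review instead of running them.
# Assumptions: "203.164.1.xxx" is taken as 203.164.1.0/24, eth0 faces the
# cable modem, and finger is denied as well as logged.
SCAN_NET="203.164.1.0/24"
EXT_IF="eth0"

build_rules() {
    net="$1"
    ifc="$2"
    # Refuse anything that is not a plain dotted address or CIDR, so a typo
    # cannot turn into a rule that silently matches nothing (or worse).
    case "$net" in
        ""|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;;
    esac
    # ftp (21), telnet (23), http (80): drop connection attempts from the
    # scanning subnet only. -y matches just the opening SYN packet.
    for port in 21 23 80; do
        echo "ipchains -A input -i $ifc -p tcp -y -s $net -d 0.0.0.0/0 $port -j DENY"
    done
    # finger (79): drop from any source; -l makes the kernel log each hit,
    # which gives the "system log entry" tripwire.
    echo "ipchains -A input -i $ifc -p tcp -y -s 0.0.0.0/0 -d 0.0.0.0/0 79 -j DENY -l"
}

build_rules "$SCAN_NET" "$EXT_IF"
```

On a 2.2-kernel box with ipchains installed, the printed lines can be piped to sh as root; `ipchains -L input -n` then lists what was loaded.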
