Re: blocking ports
Firstly, look through the services you run and see if they can be bound to a
single interface only. If they run from inetd you can replace it with
xinetd to gain this functionality. Secondly (and this may or may not work;
I've never actually tried it), you could try rejecting the packets rather
than dropping them. That should return a port closed type message to nmap
so it would be unable to tell that port is filtered.
At 08:34 10/01/2002 -0700, David Bishop wrote:
I'm running a server that's hot to the net, and running some insecure
services (by necessity), like nfs. Of course, I used iptables to block all
those ports, using nmap and netstat to double check all my open ports.
However, what nmap reports back is "filtered" for those ports. I would
prefer if I could somehow make it so that they are "closed" to the outside
world, so that random j. hacker doesn't know that I'm running that service at
all. Is there some way to do that, or do I just live with "filtered"?
TIA and HAND!
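The REJECT suggestion from the reply, written out as an added example that is not part of either poster's message. The function name `reject_rules`, the interface `eth0` and the NFS/portmapper ports are assumptions chosen for illustration. The script only prints the iptables commands, so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables REJECT rules whose
# replies make a port scan as "closed" instead of "filtered".
#
# nmap reports a TCP port as closed only when it gets a TCP RST back.
# REJECT's default reply (ICMP port unreachable) still reads as "filtered"
# for TCP, so TCP needs --reject-with tcp-reset. For UDP the ICMP port
# unreachable reply is what a closed port normally sends.

# reject_rules IFACE PROTO:PORT...   (hypothetical helper)
reject_rules() {
    iface=$1
    shift
    rules=
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        # Port must be all digits and within 1..65535.
        case $port in
            ''|*[!0-9]*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2
            return 1
        fi
        case $proto in
            tcp) how=tcp-reset ;;
            udp) how=icmp-port-unreachable ;;
            *)   echo "unsupported protocol in '$spec'" >&2; return 1 ;;
        esac
        rules="${rules}iptables -A INPUT -i $iface -p $proto --dport $port -j REJECT --reject-with $how
"
    done
    # Emit only after every spec validated, so a typo never yields a partial set.
    printf '%s' "$rules"
}

# Sample values (assumed): outside interface eth0, NFS on 2049, portmapper on 111.
reject_rules eth0 tcp:2049 udp:2049 tcp:111 udp:111
```

After loading the rules, rescanning from an outside host shows whether the ports now report as closed; binding the services to the internal interface, as the reply suggests first, removes the need for the rules at all.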