
Re: blocking ports



Firstly, look through the services you run and see if they can be bound to a single interface only. If they run from inetd, you can replace it with xinetd to gain this functionality. Secondly (and this may or may not work; I've never actually tried it), you could try rejecting the packets rather than dropping them. That should return a port-closed type message to nmap, so it would be unable to tell that port is filtered.

At 08:34 10/01/2002 -0700, David Bishop wrote:
I'm running a server that's hot to the net, and running some insecure
services (by necessity), like nfs.  Of course, I used iptables to block all
those ports, using nmap and netstat to double check all my open ports.
However, what nmap reports back is "filtered" for those ports.  I would
prefer if I could somehow make it so that they are "closed" to the outside
world, so that random j. hacker doesn't know that I'm running that service at
all.  Is there some way to do that, or do I just live with "filtered"?

TIA and HAND!

--
D.A.Bishop
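
The reject-instead-of-drop approach discussed in this thread, written out as an added example (not code from either poster). It assumes an external interface `eth0` and the usual portmapper/NFS ports 111 and 2049, neither of which the thread states; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables rules that make blocked ports answer the way
# closed ports do instead of silently dropping. Dry run by default: the rules
# are printed; set APPLY=1 (as root) to run them.

# Assumptions (not from the original thread): external interface eth0 and the
# usual portmapper/NFS ports 111 and 2049.
EXT_IF="${EXT_IF:-eth0}"
PORTS="${PORTS:-111 2049}"

# A closed TCP port answers a SYN with RST; a closed UDP port answers with
# ICMP port-unreachable. REJECT without --reject-with sends ICMP
# port-unreachable for every protocol, which nmap's SYN scan still reports
# as "filtered", so TCP needs tcp-reset explicitly.
reject_type() {
    case "$1" in
        tcp) echo "tcp-reset" ;;
        udp) echo "icmp-port-unreachable" ;;
        *)   echo "unsupported protocol: $1" >&2; return 1 ;;
    esac
}

# Print one rule for a protocol/port pair.
reject_rule() {
    rtype=$(reject_type "$1") || return 1
    echo "iptables -A INPUT -i $EXT_IF -p $1 --dport $2 -j REJECT --reject-with $rtype"
}

# Print the full rule set: every port in PORTS, for both TCP and UDP.
build_rules() {
    for port in $PORTS; do
        for proto in tcp udp; do
            reject_rule "$proto" "$port" || return 1
        done
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    build_rules | while read -r rule; do $rule; done
else
    build_rules
fi
```

After applying the rules, rescanning from an outside host with nmap (as the original poster already does) confirms whether the ports now show as "closed".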

