
Re: Blocking Ports from showing up in scans




Actually, learning ipchains isn't that hard; there are example scripts
everywhere.
But if you wish to have more of a solution in a box, I would suggest looking at
the following products:
Guarddog
Firestarter
Cfire
You can find these and more at
http://packetstorm.securify.com/linux/firewall/
This month's issue of Maximum Linux has reviews and tips on security too. Plus
they include a CD with all the products mentioned and more. It may be worth the
cash to pick up a copy.
Hope this helps.

 David


Phill Kenoyer <phill@kenoyer.com> on 11/21/2000 04:14:58 PM

To:   Debian Firewall List <debian-firewall@lists.debian.org>
cc:    (bcc: David Hosey/Operations/ScotiabankGroup)
Subject:  Blocking Ports from showing up in scans



I have a small masq/web server on a DSL.  I would like to make it a bit more
secure.  It's a default install of Debian.  I have nfs and samba running for
my workstations to have access to the box.  I have most things turned off
like telnet and ftp.  What I would like to do is block a few ports from the
outside, but keep them for the local net.  I don't really want to learn
ipchains, because I don't have the time right now.  I'm very busy, and I
would just like to do my work, but an example of how to do this would teach
me a great deal.  I have not found anything on web searches that would build
the rules for me, that would run on a server without X installed.  If anyone
is willing to do the rules for me, I would really be happy.  Thanks.

eth0 is 10.0.0.1, private
eth1 is public.

My private network is using 10.0.0.x.

ip_masq deb is installed.

I have the following ports open on my server.  I have marked with * the ones
that I want to close off to the outside, and have them not show up in a port
scan.

(The 1505 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
110/tcp    open        pop-3
*111/tcp    open        sunrpc
113/tcp    open        auth
*139/tcp    open        netbios-ssn
389/tcp    open        ldap
443/tcp    open        https
*515/tcp    open        printer
*829/tcp    open        unknown
*899/tcp    open        unknown
*983/tcp    open        unknown
*2049/tcp   open        nfs
*3306/tcp   open        mysql
*5432/tcp   open        postgres

--
 _   |       _
(_()(|('.|)('||.|()|`|(
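
An added example, not part of either message in this thread: a small script that prints the ipchains rules for the setup described in the original question (eth1 public, ports marked with * in the scan). The helper name `gen_rules` is made up for this illustration; the rules match on the public interface only, so the 10.0.0.x side on eth0 keeps its access.

```shell
#!/bin/sh
# Added example, not from the thread: prints ipchains commands for review.
# Interface name and port list are taken from the original question.

EXT_IF="eth1"                                        # public side
HIDE_TCP="111 139 515 829 899 983 2049 3306 5432"    # ports starred in the scan

# gen_rules IFACE PORT...   (hypothetical helper name)
# Emits one DENY rule per valid TCP port, matched on the external interface
# only, so packets arriving on eth0 are never touched by these rules.
gen_rules() {
    ext_if="$1"
    shift
    for port in "$@"; do
        # Accept only plain decimal ports 1..65535: no empty strings,
        # no leading zero, no non-digits, no more than five digits.
        case "$port" in
            ''|0*|*[!0-9]*|??????*)
                echo "skipped invalid port: $port" >&2
                continue
                ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "skipped out-of-range port: $port" >&2
            continue
        fi
        # DENY drops the packet silently; REJECT would answer with ICMP.
        echo "ipchains -A input -i $ext_if -p tcp -d 0.0.0.0/0 $port -j DENY"
    done
}

# Word splitting of $HIDE_TCP is intentional: one argument per port.
gen_rules "$EXT_IF" $HIDE_TCP
```

Review the printed commands before running them as root; ipchains uses the first matching rule, so they have to sit ahead of any broader ACCEPT rule on the input chain. The scan in the question covered TCP only, so UDP exposure of the same services needs its own check.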

