Re: Blocking Ports from showing up in scans
Actually, learning ipchains isn't that hard; there are example scripts
everywhere.
But if you wish to have more of a solution in a box, I would suggest looking at
the following products:
Guarddog
Firestarter
Cfire
You can find these and more at
http://packetstorm.securify.com/linux/firewall/
This month's issue of Maximum Linux has reviews and tips on security too. Plus
they include a CD with all the products mentioned and more. It may be worth the
cash to pick up a copy.
Hope this helps
David
Phill Kenoyer <phill@kenoyer.com> on 11/21/2000 04:14:58 PM
To: Debian Firewall List <debian-firewall@lists.debian.org>
cc: (bcc: David Hosey/Operations/ScotiabankGroup)
Subject: Blocking Ports from showing up in scans
I have a small masq/web server on a DSL. I would like to make it a bit more
secure. It's a default install of Debian. I have nfs and samba running for
my workstations to have access to the box. I have most things turned off
like telnet and ftp. What I would like to do is block a few ports from the
outside, but keep them for the local net. I don't really want to learn
ipchains, because I don't have the time right now. I'm very busy, and I
would just like to do my work, but an example of how to do this would teach
me a great deal. I have not found anything on web searches that would build
the rules for me, that would run on a server without X installed. If anyone
is willing to do the rules for me, I would really be happy. Thanks.
eth0 is 10.0.0.1, private
eth1 is public.
My private network is using 10.0.0.x.
ip_masq deb is installed.
I have the following ports open on my server. I have marked with * the ones
that I want to close off to the outside, and have them not show up in a port
scan.
(The 1505 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
*111/tcp open sunrpc
113/tcp open auth
*139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
*515/tcp open printer
*829/tcp open unknown
*899/tcp open unknown
*983/tcp open unknown
*2049/tcp open nfs
*3306/tcp open mysql
*5432/tcp open postgres
--
_ | _
(_()(|('.|)('||.|()|`|(
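The rules asked for in the original message can be generated from its own scan listing. This is an added example, not part of either message: it reads the starred lines and prints one ipchains DENY rule per port, bound to the public interface eth1. The function name gen_rules and the shortened sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the starred lines of the scan listing into ipchains
# DENY rules for the public interface. Rules are printed, not applied.

EXT_IF="eth1"   # public interface, as stated in the message

# Constructed sample input: a subset of the scan lines from the message.
SCAN='22/tcp open ssh
*111/tcp open sunrpc
*139/tcp open netbios-ssn
443/tcp open https
*2049/tcp open nfs
*3306/tcp open mysql'

# gen_rules IFACE: read scan lines on stdin, print one rule per starred port.
gen_rules() {
    iface=$1
    while read -r spec _rest; do
        case $spec in
            \**) spec=${spec#\*} ;;   # starred: close to the outside
            *)   continue ;;          # unstarred: leave reachable
        esac
        port=${spec%%/*}
        proto=${spec##*/}
        # Accept only numeric ports in range and tcp/udp; skip anything else.
        case $port in ''|*[!0-9]*) continue ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || continue
        case $proto in tcp|udp) ;; *) continue ;; esac
        # -i limits the rule to the public interface, so 10.0.0.x hosts
        # arriving on eth0 still reach the service. DENY drops silently.
        echo "ipchains -A input -i $iface -p $proto -d 0/0 $port -j DENY"
    done
}

printf '%s\n' "$SCAN" | gen_rules "$EXT_IF"
```

Review the printed rules before running them as root. The listing only shows TCP, so any UDP listeners for the same services need their own scan and rules.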