Re: howto block ports

To: debian-firewall@lists.debian.org
Subject: Re: howto block ports
From: Patrick Lesslie <patricklesslie@iinet.net.au>
Date: Thu, 26 Feb 2004 21:02:40 +1100
Message-id: <[🔎] 20040226100240.GC2402@tethys.lesslie.ath.cx>

On Wed, Feb 25, 2004 at 09:09:50AM -0500, Harland Christofferson wrote:
> i have had a firewall configured to drop inbound packets on ports 
> that i am not using via iptables. 

What relevant lines can you give us from that firewall?

>i ran a port scanning utility from 
> an external machine. the utility detected that, although the ports 
> were _closed_, the ports still responded to the port scan utility.
> i suspect that data destine for these _closed_ ports is being put 
> in the TCP/UDP stack. i further suspect that malicious code could 
> take advantage of bugs in the stack if there are any. i wish to be 
> able to _block_ these ports entirely. i do not have the services 
> running in the /etc/inetd.conf file.
 
I could be wrong, but attackable ports are those that are being
listened to according to netstat -tulp.

> how may i do this? i have read some firewall-ing howtos but the ones 
> i have read refer to iptables (or ipchains).

That seems like what you should be reading to me, after all you
did mention that you are running iptables.  Also, man iptables.

>by the way, i am running 
> a 2.4.18 kernel.

Make sure it's patched up to date.  There have been vulnerabilities.

Patrick Lesslie

Reply to:

Prev by Date: Re: Port Forwarding
Next by Date: Re: howto block ports
Previous by thread: howto block ports
Next by thread: Re: howto block ports
Index(es):
- Date
- Thread