
Re: howto block ports



On Wed, 2004-02-25 at 09:50, Harland Christofferson wrote:
> i have had a firewall configured to drop inbound packets on ports 
> that i am not using via iptables. i ran a port scanning utility from 
> an external machine. the utility detected that, although the ports 
> were _closed_, the ports still responded to the port scan utility.

What makes you say this? What do you mean by "responded"?

> i suspect that data destined for these _closed_ ports is being put 
> in the TCP/UDP stack.

I'm no expert, but I suspect that to do much of anything with most
networking data, the TCP stack would need to be used. How else would the
kernel know how to interpret the packets and apply your firewall rules
to them?

>  i further suspect that malicious code could 
> take advantage of bugs in the stack if there are any. i wish to be 
> able to _block_ these ports entirely. i do not have the services 
> running in the /etc/inetd.conf file.
> 

Just dropping packets rather than rejecting them would seem to me to be
the action which would involve the least processing or action in
response to unwanted packets. I don't know that this really adds any more
security, however.

> how may i do this? i have read some firewall-ing howtos but the ones 
> i have read refer to iptables (or ipchains). by the way, i am running 
> a 2.4.18 kernel.

It sounds to me like you are being referred to the correct places.
iptables is the tool you want to use for 2.4+ kernels.

There are a couple of good iptables howtos or tutorials out there,
though I can't remember the URLs off hand. A good place to start would be
www.netfilter.org.

BTW, is it just me, or is their web page displaying in a funky fashion?
What is usually the left hand column stretches the whole way across my
screen, and the usual content portion is in a relatively skinny column to
its right.

-davidc
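Editor's note, added to the thread and not part of either posting: the
"responded" observation above is what a scanner sees when a port has no
listener but is not firewalled. The host's TCP stack answers the probe
with a RST (nmap-style tools report this as "closed"); a port whose
packets hit an iptables DROP rule never answers at all (reported as
"filtered"). The script below, written for this page as an example,
classifies a port the way a scanner does using an ordinary connect(), and
builds a default-DROP ruleset of the kind the poster is after for a 2.4
kernel (ip_conntrack and the state match were available there). The
timeout value, the port lists and the loopback listener helper are
assumptions made for the example; the iptables commands are only printed,
since applying them needs root.

```python
"""Added example (not from the mailing-list posting): how a port scanner
tells a "closed" port from a "filtered" one, and an iptables ruleset that
makes unused ports silent instead of answering with RST."""
import errno
import socket

FILTERED_TIMEOUT = 2.0  # assumed: seconds of silence before we call it filtered


def classify_tcp_port(host, port, timeout=FILTERED_TIMEOUT):
    """Return 'open', 'closed', 'filtered' or 'unreachable' for host:port.

    A plain connect() is enough to see the three answers a scanner sees:
    SYN/ACK (a service accepted), RST (the stack answered, no service), or
    nothing at all (the firewall dropped the SYN, or the packet was lost).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                 # SYN -> SYN/ACK: a listener is there
    except ConnectionRefusedError:
        return "closed"               # SYN -> RST: no listener, but the host replied
    except socket.timeout:
        return "filtered"             # SYN -> silence: DROP rule (or packet loss)
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"      # ICMP unreachable from a router, not the host
        raise
    finally:
        s.close()


def iptables_commands(tcp_allowed=(), udp_allowed=()):
    """Commands for a 2.4-kernel host: INPUT policy DROP, so anything not
    listed is silently discarded. Replies to connections this host started
    (and related ICMP errors, e.g. for path MTU discovery) are let in via
    the state match; loopback is always accepted."""
    cmds = [
        "iptables -F INPUT",
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for p in tcp_allowed:   # assumed list of services this host really runs
        cmds.append(
            f"iptables -A INPUT -p tcp --dport {p} -m state --state NEW -j ACCEPT"
        )
    for p in udp_allowed:
        cmds.append(f"iptables -A INPUT -p udp --dport {p} -j ACCEPT")
    return cmds


def open_loopback_listener():
    """Constructed fixture for the demonstration: a listener on an ephemeral
    loopback port, so an 'open' and (after close) a 'closed' result can be
    observed without touching any real network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = open_loopback_listener()
    print(f"port {port} with a listener : {classify_tcp_port('127.0.0.1', port)}")
    srv.close()
    print(f"port {port} with no listener: {classify_tcp_port('127.0.0.1', port)}")
    print("\nruleset (apply as root) allowing only ssh in:")
    print("\n".join(iptables_commands(tcp_allowed=(22,))))
```

Run against a host before and after loading the ruleset: an unused port
goes from "closed" (RST came back) to "filtered" (nothing came back). If
you would rather have unused ports answer immediately so that legitimate
clients fail fast, swap the DROP policy for a final
`-j REJECT --reject-with tcp-reset` rule; the stack still has to parse
the packet either way, which is the point davidc makes above.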


