
Fwd: Re: howto block ports



At Wednesday, 25 February 2004, David Clymer <david@zettazebra.com> wrote:

>On Wed, 2004-02-25 at 09:50, Harland Christofferson wrote:
>> i have had a firewall configured to drop inbound packets on ports 
>> that i am not using via iptables. i ran a port scanning utility from 
>> an external machine. the utility detected that, although the ports 
>> were _closed_, the ports still responded to the port scan utility.
>
>What makes you say this? What do you mean by "responded"?
>
>> i suspect that data destined for these _closed_ ports is being put 
>> in the TCP/UDP stack.
>
>I'm no expert, but I suspect that to do much of anything with most
>networking data, the TCP stack would need to be used. How else would the
>kernel know how to interpret the packets and apply your firewall rules
>to them?
>
>>  i further suspect that malicious code could 
>> take advantage of bugs in the stack if there are any. i wish to be 
>> able to _block_ these ports entirely. i do not have the services 
>> running in the /etc/inetd.conf file.
>> 
>
>Just dropping packets rather than rejecting them would seem to me to be
>the action which would involve the least processing or action in
>response to unwanted packets. I don't know that this really adds any more
>security, however.
>
>> how may i do this? i have read some firewall-ing howtos but the ones 
>> i have read refer to iptables (or ipchains). by the way, i am running 
>> a 2.4.18 kernel.
>
>It sounds to me like you are being referred to the correct places.
>IPtables is the tool you want to use for 2.4+ kernels.
>
>There are a couple of good IPtables howtos or tutorials out there,
>though I can't remember the URLs off hand. A good place to start would be
>www.netfilter.org.
>
>BTW, is it just me, or is their web page displaying in a funky fashion?
>What is usually the left hand column stretches the whole way across my
>screen, and the usual content portion is in a relatively skinny column to
>its right.
>
>-davidc
>
>-- 
>To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
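The thread above talks about dropping inbound packets on unused ports with iptables on a 2.4 kernel but never shows a ruleset. Below is an added example, written for this page and not taken from the thread, Debian, or the netfilter project. It generates a default-deny INPUT policy in iptables-restore format: everything is dropped unless it is loopback traffic, part of an already established connection, or a new connection to one of the listed ports. The allowed port lists (TCP 22 and 80, no UDP) are hypothetical placeholders; substitute the services you actually run. The state match (`-m state`) and `iptables-restore` both exist for 2.4-series kernels.

```shell
#!/bin/sh
# Added example (not from the original thread): build a default-DROP
# iptables ruleset and apply it atomically with iptables-restore.
# Assumptions: the port lists below are placeholders, not from the post.

TCP_PORTS="22 80"   # hypothetical: services we actually listen on
UDP_PORTS=""        # hypothetical: no UDP services exposed

# Emit the ruleset on stdout in iptables-restore format.
# $1 = space-separated TCP ports to allow, $2 = UDP ports to allow
# (both fall back to the defaults above when omitted).
firewall_rules() {
    tcp_ports="${1:-$TCP_PORTS}"
    udp_ports="${2:-$UDP_PORTS}"

    echo '*filter'
    # Chain policies: anything not explicitly accepted on INPUT is
    # silently discarded (DROP), so no RST/ICMP reply is generated.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'

    # Local processes talking to themselves must keep working.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections we initiated, and related traffic
    # (e.g. ICMP errors for our own flows).
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

    # New connections only to the services we intend to expose.
    for p in $tcp_ports; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done

    # Let the box answer pings; remove this line if you want it silent.
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'

    # Rate-limited log of whatever is about to hit the DROP policy,
    # so a port scan shows up in syslog instead of vanishing silently.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "'
    echo 'COMMIT'
}

# Load the generated ruleset in one shot (requires root and iptables-restore).
apply_firewall() {
    firewall_rules "$@" | iptables-restore
}

# Helper for checking a generated ruleset: how many TCP ports it opens.
count_tcp_accepts() {
    firewall_rules "$@" | grep -c -- '-p tcp --dport'
}
```

Run `firewall_rules` first and read the output, then `apply_firewall` as root; `iptables -L INPUT -n -v` shows the live rules with packet counters. To reproduce the check from the original question, scan the host from outside with nmap: ports hitting the DROP policy are reported as "filtered" (no reply at all), whereas ports the kernel answers with a RST, or that a REJECT rule answers, are reported as "closed". One caveat that follows from the discussion above: netfilter hooks sit inside the kernel's IP stack, so a firewall cannot keep a packet out of the stack entirely; it can only stop it before the socket layer. Protection against bugs in the stack itself comes from keeping the kernel patched, not from any rule.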