
Re: howto block ports



On Wed, Feb 25, 2004 at 09:50:28AM -0500, Harland Christofferson wrote:
> i have had a firewall configured to drop inbound packets on ports 
> that i am not using via iptables. i ran a port scanning utility from 
> an external machine. the utility detected that, although the ports 
> were _closed_, the ports still responded to the port scan utility.
> i suspect that data destined for these _closed_ ports is being put 
> in the TCP/UDP stack. i further suspect that malicious code could 
> take advantage of bugs in the stack if there are any.

This is the correct behavior. Send an icmp-port-closed-or-something.
The data will hit the kernel and all packets will get above message.

Change -j REJECT to -j DROP in iptables for what you want. No real
increase in security IMHO unless you want to hide the existence of the
machine and are ignoring pings etc.

Note that nmap will now say 1348 ports filtered rather than 1348 ports
closed.

> i wish to be 
> able to _block_ these ports entirely. i do not have the services 
> running in the /etc/inetd.conf file.

Quick question from myself, anyone know how to get RPC to bind only to
localhost? I'd prefer not to have a port open just to run KDE...

And while I'm at it anyone know how to satisfy the inetd dependency but
not have inetd running the Debian way? It's not as if it's listening 
to any ports - just taking up resources.

> how may i do this? i have read some firewall-ing howtos but the ones 
> i have read refer to iptables (or ipchains). by the way, i am running 
> a 2.4.18 kernel.

iptables == good the last time I checked. I don't run 2.6 yet though.
2.4 supports ipfwadm, ipchains and iptables. Just don't turn on more than
one.

Brian
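The two policies compared above (REJECT so unused ports answer, DROP so they stay silent, plus dropping echo-request to "ignore pings"), as an added shell example that is not from the original thread. The external interface name eth0 and the single allowed service (port 22) are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example, not from the original thread. By default IPT is "echo iptables"
# so the rules are printed, not applied; run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"
WAN="${WAN:-eth0}"          # assumed external interface name

# Common prelude: allow loopback and already-established traffic, keep one
# service reachable (assumed: ssh), then decide what happens to the rest.
common_rules() {
    $IPT -P INPUT ACCEPT
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -j ACCEPT
}

# Variant 1 (what the poster had): unused ports answer. TCP gets a RST,
# UDP gets ICMP port-unreachable, so a scanner reports them as "closed".
reject_policy() {
    common_rules
    $IPT -A INPUT -i "$WAN" -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -i "$WAN" -p udp -j REJECT --reject-with icmp-port-unreachable
}

# Variant 2 (Brian's suggestion): silently discard. Nothing goes back, so the
# same scan reports the ports as "filtered". Dropping echo-request as well is
# the "ignoring pings" part of hiding the machine.
drop_policy() {
    common_rules
    $IPT -A INPUT -i "$WAN" -p icmp --icmp-type echo-request -j DROP
    $IPT -A INPUT -i "$WAN" -j DROP
}

case "${1:-}" in
    reject) reject_policy ;;
    drop)   drop_policy ;;
esac
```

Either way the kernel still parses every arriving packet; the difference is only whether it sends a reply.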


