
Re: howto block ports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Feb 25, 2004 at 09:50:28AM -0500, Harland Christofferson wrote:
> I have had a firewall configured to drop inbound packets on ports
> that I am not using via iptables. I ran a port scanning utility from
> an external machine. The utility detected that, although the ports
> were _closed_, the ports still responded to the port scan utility.

Yes, that's right.  This is not a bug.  Making ports not respond is
broken behavior, go read the RFCs.

> I suspect that data destined for these _closed_ ports is being put
> in the TCP/UDP stack.

All traffic coming in is, whether or not it's for you, if it's on the
same segment.  This isn't different in any other OS, either.

> I further suspect that malicious code could take advantage of bugs
> in the stack if there are any. I wish to be able to _block_ these
> ports entirely.

The only way you're going to do that is to go use another machine
before that one to be the firewall; you just can't do that in software
alone.

- -- 
 .''`.     Paul Johnson <baloo@ursine.ca>
: :'  :    http://ursine.ca/
`. `'`     proud Debian admin and user
  `-       Debian.  Because it *must* work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAPOEIUzgNqloQMwcRAnx8AKCxFA1DM7J+oaGlXQT5EaPgnoXPqACgjTqw
k7um1ZpmY4kcRigjee9ebZU=
=TvTN
-----END PGP SIGNATURE-----
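The exchange above turns on what a scanner actually sees from a "closed" port: RFC 793 says a TCP port with no listener answers a SYN with RST, and RFC 1122 says a UDP port with no listener answers with ICMP port unreachable, so a scanner reports "closed" when it gets one of those and "filtered" when it gets nothing at all. The following is an added example, not code from the original thread or from any Debian package. It constructs the raw responses a host would send under each netfilter target (no rule, DROP, REJECT with its default icmp-port-unreachable, REJECT --reject-with tcp-reset) and classifies them with the same state rules a SYN/UDP scanner such as nmap applies. The response tuples and the 20-byte TCP headers are constructed inline; the netfilter target-to-wire-behaviour mapping in scan_scenarios() is stated there as an assumption for illustration.

```python
import struct

# TCP flag bits, low byte of the 16-bit data-offset/flags field (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# ICMP type 3 (Destination Unreachable) codes.
ICMP_PORT_UNREACH = 3
# Codes a scanner treats as "filtered" rather than "closed": net/host/proto
# unreachable, admin prohibited, and friends (the set nmap uses).
ICMP_UNREACH_FILTERED = {0, 1, 2, 9, 10, 13}


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535):
    """Build a minimal 20-byte TCP header with no options (constructed test data).

    Layout per RFC 793: sport, dport, seq, ack, offset/flags, window, checksum, urgent.
    Checksum is left as 0 because nothing here puts the segment on the wire.
    """
    offset_flags = (5 << 12) | (flags & 0x1FF)  # data offset = 5 words, 9 flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def tcp_flags(segment):
    """Return the 9-bit flag field from a raw TCP header (RFC 793 plus ECN bits)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return struct.unpack("!H", segment[12:14])[0] & 0x1FF


def classify_tcp_syn(response):
    """Port state after one SYN probe, using the rules a SYN scanner applies.

    response is None (nothing came back before the timeout),
    ("tcp", header_bytes) or ("icmp", icmp_type, icmp_code).
    """
    if response is None:
        return "filtered"          # DROP target, or the packet was lost
    kind = response[0]
    if kind == "tcp":
        flags = tcp_flags(response[1])
        if flags & RST:
            return "closed"        # RFC 793: no listener answers with RST
        if flags & SYN and flags & ACK:
            return "open"          # a listener completed step two of the handshake
        return "unexpected"
    if kind == "icmp":
        icmp_type, code = response[1], response[2]
        if icmp_type == 3 and (code == ICMP_PORT_UNREACH or code in ICMP_UNREACH_FILTERED):
            return "filtered"      # an ICMP error to a SYN means something in the path blocked it
    return "unexpected"


def classify_udp(response):
    """Port state after one UDP datagram probe, using the rules a UDP scanner applies."""
    if response is None:
        return "open|filtered"     # UDP silence is ambiguous: listener ignoring us, or DROP
    kind = response[0]
    if kind == "udp":
        return "open"              # any UDP reply proves a listener
    if kind == "icmp":
        icmp_type, code = response[1], response[2]
        if icmp_type == 3:
            if code == ICMP_PORT_UNREACH:
                return "closed"    # RFC 1122: no listener answers with port unreachable
            if code in ICMP_UNREACH_FILTERED:
                return "filtered"
    return "unexpected"


def scan_scenarios():
    """Classify constructed responses for the same non-listening port under each netfilter target.

    Assumed wire behaviour (standard netfilter semantics, stated here for illustration):
    no rule -> the kernel stack answers per the RFCs; DROP -> no answer at all;
    REJECT with its default -> ICMP type 3 code 3; REJECT --reject-with tcp-reset -> RST.
    """
    rst = build_tcp_header(22, 40000, RST | ACK)
    synack = build_tcp_header(22, 40000, SYN | ACK, seq=1000, ack=1)
    return {
        "tcp no rule, listener present": classify_tcp_syn(("tcp", synack)),
        "tcp no rule, no listener": classify_tcp_syn(("tcp", rst)),
        "tcp DROP": classify_tcp_syn(None),
        "tcp REJECT (icmp-port-unreachable)": classify_tcp_syn(("icmp", 3, 3)),
        "tcp REJECT --reject-with tcp-reset": classify_tcp_syn(("tcp", rst)),
        "udp no rule, no listener": classify_udp(("icmp", 3, 3)),
        "udp DROP": classify_udp(None),
        "udp REJECT (icmp-port-unreachable)": classify_udp(("icmp", 3, 3)),
    }


if __name__ == "__main__":
    for scenario, state in scan_scenarios().items():
        print(f"{scenario:40s} -> {state}")
```

The table this prints is the point of Paul's answer: a genuinely closed port and a REJECT --reject-with tcp-reset rule are indistinguishable to the scanner (both "closed"), and a DROP rule only changes the report to "filtered". In every case the packet has already been received and parsed by the host's IP and TCP/UDP code before netfilter decides what to do with it, which is why silence from the host does not take the local stack out of the attack surface.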


