
Re: howto block ports



> Harland Christofferson wrote:
> i have had a firewall configured to drop inbound packets on ports
> that i am not using via iptables. i ran a port scanning utility from
> an external machine. the utility detected that, although the ports
> were _closed_, the ports still responded to the port scan utility.
> i suspect that data destined for these _closed_ ports is being put
> in the TCP/UDP stack. i further suspect that malicious code could
> take advantage of bugs in the stack if there are any. i wish to be
> able to _block_ these ports entirely. i do not have the services
> running in the /etc/inetd.conf file.
>
> how may i do this? i have read some firewalling howtos but the ones
> i have read refer to iptables (or ipchains). by the way, i am running
> a 2.4.18 kernel.
>

In your iptables script, when specifying an action with "-j", use "-j DROP"
instead of "-j REJECT". This will silently drop the packet without sending a
SYN,RST? packet back to the TCP client.

Note that if you're scanning your machine across the internet, your ISP's
firewall may be set to reject some packets on some ports; eg, a lot of ISPs
reject incoming packets to their customers on port 80 to stop them running a
webserver, and port 139 to stop the spread of Windows NETBIOS worms. In these
cases, nmap would show a port as closed, but your machine never actually
received the open-connection packet in the first place. -- Just something to
be aware of.

Jason
----
Message posted via www.linuxforums.org - GNU/Linux community forums
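The DROP-versus-REJECT point above, as an added example that is not part of the original posts: a small script that emits an iptables INPUT policy for a 2.4-era host, keeping only a chosen list of TCP ports reachable and silently dropping everything else. It assumes the state match (ip_conntrack) is available and that sshd on 22/tcp is the service to keep; the REJECT lines are left commented so the two behaviours can be compared side by side.

```shell
#!/bin/sh
# Added example (not from the original posts). Emits iptables rules instead of
# running them, so the policy can be reviewed or tested without touching the
# live firewall; run as root with:  fw_rules "22" | sh
# Assumes the state match (ip_conntrack) is compiled in, as on most 2.4 builds.

fw_rules() {
    allowed_tcp="$1"   # space-separated TCP ports to keep open, e.g. "22" or "22 80"
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"      # default policy: silently drop
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $allowed_tcp; do
        echo "iptables -A INPUT -p tcp --dport $p --syn -j ACCEPT"
    done
    # Everything else is dropped without a reply. With REJECT instead, the
    # kernel answers a TCP SYN with a RST and a UDP datagram with an ICMP
    # port-unreachable, which is the "closed port still responds" behaviour
    # the question describes. Swap in the commented lines to compare.
    echo "iptables -A INPUT -p tcp -j DROP"
    # echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A INPUT -p udp -j DROP"
    # echo "iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable"
}

# Sanity check before applying: count rules using a given target. A "block"
# policy should show REJECT zero times.
count_target() {
    fw_rules "$1" | grep -c -- "-j $2"
}
```

Scanning the host from outside afterwards should show the dropped ports as filtered rather than closed, subject to the ISP caveat in Jason's reply.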