
Re: opening ports



On Mon, Dec 11, 2006 at 03:30:16PM -0600, Mike McCarty wrote:
> Andrei Popescu wrote:
> >On Mon, Dec 11, 2006 at 08:28:16AM +0100, Jochen Schulz wrote:
> >>Bruce:
> >>
> >>>1) How would I open ftp ports after doing an apt-get install proftpd?
> >>
> >>On Debian, all ports are "open" by default (but there are not many
> >>services listening, so it doesn't matter). If a service is being
> >>installed, it can be assumed that it should actually be available. FTP
> >>uses ports 20 and 21 (tcp), so if Ubuntu has some iptables rules
> >>effective by default, you should make exceptions for these ports.
> >Actually they are called "closed" if no service is listening and "open"
> >when some service (daemon) is listening. The ports protected by a
> 
> Umm, I thought that was called "stealth". IMO, whether a service
> is running is irrelevant. What matters is how the port is perceived
> from the outside world. AIUI, a port which does not respond, and appears
> not to exist is called "stealth". It may have a service running
> which reports attempts to open, but does not respond to the
> external request.

AFAIK, a port with no service listening to it will respond in some way,
saying there is no service, while a "stealth" port will silently drop
any packets, as if it didn't exist. Try a port-scan on some internet
firewall scanner with your firewall off.

> A port which responds with "denied" is called "closed". A port
> which responds with "accepted" is "open", though the service
> may request a switch to another port (like FTP does).
> 
> >firewall are sometimes called "filtered" (by nmap) or "stealth" (by
> >some Windows firewalls).
> 
> A stealthed port appears not to exist to the external world,
> but that does not mean that there is no service "listening"
> on it.

You can achieve that only with a firewall which drops requests.

> Also, the term "stealth" has been around longer than Windows
> firewalls, I do believe.

Might be, but it's more used in the MS world.

> I don't claim to be an expert on these matters.

Me neither :)

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


