
Re: opening ports

Andrei Popescu wrote:
On Mon, Dec 11, 2006 at 03:30:16PM -0600, Mike McCarty wrote:

Andrei Popescu wrote:

On Mon, Dec 11, 2006 at 08:28:16AM +0100, Jochen Schulz wrote:


1) How would I open ftp ports after doing an apt-get install proftpd?

On Debian, all ports are "open" by default (but there are not many
services listening, so it doesn't matter). If a service is being
installed, it can be assumed that it should actually be available. FTP
uses ports 20 and 21 (tcp), so if Ubuntu has some iptables rules
effective by default, you should make exceptions for these ports.

Actually they are called "closed" if no service is listening and "open"
when some service (daemon) is listening. The ports protected by a

Umm, I thought that was called "stealth". IMO, whether a service
is running is irrelevant. What matters is how the port is perceived
from the outside world. AIUI, a port which does not respond, and appears
not to exist is called "stealth". It may have a service running
which reports attempts to open, but does not respond to the
external request.

AFAIK, a port with no service listening to it will respond in some way,
saying there is no service, while a "stealth" port will silently drop
any packets, as if it wouldn't exist. Try a port-scan on some internet
firewall scanner with your firewall off.

Are you using "service" in the technical sense? Like FTP, for
example? My firewall drops all packets, just like no daemon
were running. Above, the word service was used with reference
to "daemon", and I took it to mean the IP daemon. IOW, NOTHING
back there. The bits fall into the bit bucket on the back
of my machine. You seem to mean that there *is* a service
back there, but not a protocol service.


A stealthed port appears not to exist to the external world,
but that does not mean that there is no service "listening"
on it.

You can achieve that only with a firewall which drops requests.

Which mine does.

Also, the term "stealth" has been around longer than Windows
firewalls, I do believe.

Might be, but it's more used in the MS world.

I don't claim to be an expert on these matters.

Me neither :)

I guess we're equally iggernunt then. :-)

This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
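The three port states argued over in this thread, as they look from the connecting side, in an added example that is not part of the original messages. The names `probe_tcp_port` and `demo` are hypothetical; the demo only touches a listener it creates itself on 127.0.0.1, and the "filtered" branch needs a firewall that drops packets, so the demo does not exercise it.

```python
import socket


def probe_tcp_port(host, port, timeout=1.0):
    """Classify a TCP port by how a plain connect() attempt ends.

    open     - handshake completed: a daemon is listening
    closed   - the host answered with a reset (connection refused):
               the port is reachable but nothing listens on it
    filtered - no answer before the timeout: packets were silently
               dropped, which is what the thread calls "stealth"
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()


def demo():
    """Probe one loopback port twice: with a listener, then without."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    with_daemon = probe_tcp_port("127.0.0.1", port)
    listener.close()                     # the "daemon" goes away
    without_daemon = probe_tcp_port("127.0.0.1", port)
    return with_daemon, without_daemon


if __name__ == "__main__":
    print(demo())
```

The difference between "closed" and "filtered" is only whether something sends an answer back, which is why a dropping firewall makes a port look the same whether or not a daemon sits behind it.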
