Firstly, look through the services you run and see if they can be bound to a 
single interface only. If they run from inetd, you can replace it with 
xinetd to gain this functionality. Secondly (and this may or may not work; 
I've never actually tried it), you could try rejecting the packets rather 
than dropping them. That should return a port-closed type message to nmap, 
so it would be unable to tell that the port is filtered.

At 08:34 10/01/2002 -0700, David Bishop wrote:
>I'm running a server that's hot to the net, and running some insecure
>services (by necessity), like nfs.  Of course, I used iptables to block all
>those ports, using nmap and netstat to double check all my open ports.
>However, what nmap reports back is "filtered" for those ports.  I would
>prefer if I could somehow make it so that they are "closed" to the outside
>world, so that random j. hacker doesn't know that I'm running that service at
>all.  Is there some way to do that, or do I just live with "filtered"?
>
>TIA and HAND!
>
>--
>D.A.Bishop
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
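The reply above is unsure whether rejecting instead of dropping makes nmap report "closed". The script below is an added example (not from either poster) that emits the iptables rule for each approach and states what an nmap SYN scan reports for it; the port numbers (111 for portmap, 2049 for NFS) and the `IPTABLES` dry-run variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: how DROP, plain REJECT and REJECT with a TCP reset differ
# from an nmap SYN scan's point of view.
# Default is a dry run that only prints commands; set IPTABLES=iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# hide_port PORT MODE   where MODE is: drop | reject | reject-reset
hide_port() {
    port="$1"; mode="$2"
    case "$mode" in
        drop)
            # No reply at all: nmap waits for a timeout and reports "filtered".
            $IPTABLES -A INPUT -p tcp --dport "$port" -j DROP ;;
        reject)
            # REJECT's default is ICMP port-unreachable; for TCP nmap still
            # reports that as "filtered", so this does not hide the firewall.
            $IPTABLES -A INPUT -p tcp --dport "$port" -j REJECT ;;
        reject-reset)
            # A TCP RST is exactly what a port with no listener returns,
            # so nmap reports "closed" and cannot tell a rule is involved.
            $IPTABLES -A INPUT -p tcp --dport "$port" \
                -j REJECT --reject-with tcp-reset ;;
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# nmap_state MODE: the state an nmap SYN scan (-sS) reports for that mode
nmap_state() {
    case "$1" in
        drop|reject)  echo filtered ;;
        reject-reset) echo closed ;;
        *)            return 1 ;;
    esac
}

# Usage: make the portmap and NFS TCP ports (assumed values) look closed.
for p in 111 2049; do
    hide_port "$p" reject-reset
done
```

NFS also listens on UDP, which needs its own rule; there the relevant reject type is `icmp-port-unreachable`, which an nmap UDP scan reports as "closed".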