On Mon, Dec 11, 2006 at 03:30:16PM -0600, Mike McCarty wrote: > Andrei Popescu wrote: > >On Mon, Dec 11, 2006 at 08:28:16AM +0100, Jochen Schulz wrote: > >>Bruce: > >> > >>>1) How would I open ftp ports after doing an apt-get install proftpd? > >> > >>On Debian, all ports are "open" by default (but there are not many > >>services listening, so it doesn't matter). If a service is being > >>installed, it can be assumed that it should actually be available. FTP > >>uses ports 20 and 21 (tcp), so if Ubuntu has some iptables rules > >>effective by default, you should make exceptions for these ports. > >Actually they are called "closed" if no service is listening and "open" > >when some service (daemon) is listening. The ports protected by a > > Umm, I thought that was called "stealth". IMO, whether a service > is running is irrelevant. What matters is how the port is perceived > from the outside world. AIUI, a port which does not respond, and appears > not to exist is called "stealth". It may have a service running > which reports attempts to open, but does not respond to the > external request.
AFAIK, a port with no service listening to it will respond in some way, saying there is no service, while a "stealth" port will silently drop any packets, as if it wouldn't exist. Try a port-scan on some internet firewall scanner with your firewall off. > A port which responds with "denied" is called "closed". A port > which responds with "accepted" is "open", though the service > may request a switch to another port (like FTP does). > > >firewall are sometimes called "filtered" (by nmap) or "stealth" (by > >some Windows firewalls). > > A stealthed port appears not to exist to the external world, > but that does not mean that there is no service "listening" > on it. You can achieve that only with a firewall which drops requests. > Also, the term "stealth" has been around longer than Windows > firewalls, I do believe. Might be, but it's more used in the MS world. > I don't claim to be an expert on these matters. Me neighter :) Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
