On Wed, 2004-02-25 at 09:50, Harland Christofferson wrote:

> I have had a firewall configured to drop inbound packets on ports
> that I am not using via iptables. I ran a port scanning utility from
> an external machine. The utility detected that, although the ports
> were _closed_, the ports still responded to the port scan utility.

What makes you say this? What do you mean by "responded"?

> I suspect that data destined for these _closed_ ports is being put
> in the TCP/UDP stack.

I'm no expert, but I suspect that to do much of anything with most networking data, the TCP stack would need to be used. How else would the kernel know how to interpret the packets and apply your firewall rules to them?

> I further suspect that malicious code could
> take advantage of bugs in the stack if there are any. I wish to be
> able to _block_ these ports entirely. I do not have the services
> running in the /etc/inetd.conf file.

Just dropping packets rather than rejecting them would seem to me to be the action which would involve the least processing or action in response to unwanted packets. I don't know that this really adds any more security, however.

> How may I do this? I have read some firewalling howtos but the ones
> I have read refer to iptables (or ipchains). By the way, I am running
> a 2.4.18 kernel.

It sounds to me like you are being referred to the correct places. iptables is the tool you want to use for 2.4+ kernels. There are a couple of good iptables howtos or tutorials out there, though I can't remember the URLs off hand. A good place to start would be www.netfilter.org.

BTW, is it just me, or is their web page displaying in a funky fashion? What is usually the left-hand column stretches the whole way across my screen, and the usual content portion is in a relatively skinny column to its right.

-davidc
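As an added example, not part of davidc's reply or of Harland's original post, here is a minimal iptables script for the "drop rather than reject" setup the reply describes, for a 2.4-series kernel. It assumes the only services to keep reachable are TCP 22 and 80 (hypothetical; change ALLOW_TCP), that the ip_conntrack/ipt_state modules are available for "-m state", and that ipt_REJECT is available for the contrasting reject_rules function. The IPTABLES variable lets you dry-run it with echo before loading anything.

```shell
#!/bin/sh
# Added example (not from the thread): default-DROP iptables policy for a
# 2.4 kernel. Assumes TCP 22 and 80 are the services to keep (hypothetical)
# and that conntrack is loaded so "-m state" works. Set IPTABLES=echo to
# print the rules instead of loading them.

: "${IPTABLES:=iptables}"
: "${ALLOW_TCP:=22 80}"

apply_rules() {
    # Flush INPUT and make DROP the default: anything not explicitly accepted
    # is silently discarded. No TCP RST or ICMP port-unreachable goes back,
    # so an external scanner reports those ports as filtered, not closed.
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host started.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections only to the listed TCP ports.
    for port in $ALLOW_TCP; do
        $IPTABLES -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

reject_rules() {
    # The alternative the reply weighs: answer unwanted packets instead of
    # dropping them. A scanner then sees "closed" (RST for TCP, ICMP
    # port-unreachable for UDP), and the host does a little more work per probe.
    $IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPTABLES -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
}

# Usage:  sh firewall.sh apply          (loads the DROP policy; needs root)
#         sh firewall.sh apply-reject   (same, but unwanted packets get REJECTed)
#         sh firewall.sh dry-run        (prints the iptables commands only)
case "${1:-}" in
    apply)        apply_rules ;;
    apply-reject) apply_rules; reject_rules ;;
    dry-run)      IPTABLES=echo; apply_rules ;;
esac
```

Run it as "sh firewall.sh dry-run" first and read the printed rules; with DROP as the INPUT policy, a probe to a port not in ALLOW_TCP gets no answer at all, which is the behaviour the original poster was after. Switching to apply-reject makes those probes get an RST or ICMP error instead, which is what a scanner reports as "closed".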