At Wednesday, 25 February 2004, David Clymer <[EMAIL PROTECTED]> wrote:
>On Wed, 2004-02-25 at 09:50, Harland Christofferson wrote:
>> i have had a firewall configured to drop inbound packets on ports
>> that i am not using via iptables. i ran a port scanning utility from
>> an external machine. the utility detected that, although the ports
>> were _closed_, the ports still responded to the port scan utility.
>
>What makes you say this? What do you mean by "responded"?
>
>> i suspect that data destined for these _closed_ ports is being put
>> in the TCP/UDP stack.
>
>I'm no expert, but I suspect that to do much of anything with most
>networking data, the TCP stack would need to be used. How else would the
>kernel know how to interpret the packets and apply your firewall rules
>to them?
>
>> i further suspect that malicious code could
>> take advantage of bugs in the stack if there are any. i wish to be
>> able to _block_ these ports entirely. i do not have the services
>> running in the /etc/inetd.conf file.
>>
>
>Just dropping packets rather than rejecting them would seem to me to be
>the action which would involve the least processing or action in
>response to unwanted packets. I don't know that this really adds any more
>security, however.
>
>> how may i do this? i have read some firewall-ing howtos but the ones
>> i have read refer to iptables (or ipchains). by the way, i am running
>> a 2.4.18 kernel.
>
>It sounds to me like you are being referred to the correct places.
>IPtables is the tool you want to use for 2.4+ kernels.
>
>There are a couple of good IPtables howtos or tutorials out there,
>though I can't remember the URLs off hand. A good place to start would be
>www.netfilter.org.
>
>BTW, is it just me, or is their web page displaying in a funky fashion?
>What is usually the left hand column stretches the whole way across my
>screen, and the usual content portion is in a relatively skinny column to
>its right.
>
>-davidc
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
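The practical difference the thread is circling (a port that "responds" versus one the firewall silences) comes down to the target of the final rule: with DROP the kernel discards the SYN in the INPUT hook before the TCP layer ever sees it and the scanner gets nothing back (it reports the port as "filtered"), while with REJECT the kernel still answers with a TCP RST or ICMP unreachable and the scanner reports "closed". The script below is an added example, not anything from David's or Harland's messages; it generates a complete iptables ruleset for a 2.4-series kernel (`-m state` connection tracking, default policy DROP, explicit allow list) in either mode, and models what a SYN scanner concludes from each kind of reply. The port list and the "fw-unwanted:" log prefix are made-up values; the script only prints the commands, so it runs without root, and the output can be reviewed and then piped to `sh` on the firewall host.

```shell
#!/bin/sh
# Added example: emit an iptables ruleset for a 2.4-era host so that
# ports with no service behind them never answer a probe.
#   gen_rules drop   PORT...  -> unwanted packets discarded (scanner: "filtered")
#   gen_rules reject PORT...  -> kernel replies RST / ICMP unreachable (scanner: "closed")
# The port arguments are the hypothetical services the host really offers.

gen_rules() {
    [ "$#" -gt 0 ] || { echo "usage: gen_rules drop|reject [tcp-port ...]" >&2; return 1; }
    mode="$1"; shift
    case "$mode" in
        drop|reject) ;;
        *) echo "usage: gen_rules drop|reject [tcp-port ...]" >&2; return 1 ;;
    esac

    echo "iptables -F INPUT"
    # Default policy: anything not explicitly accepted below is discarded.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Loopback traffic and replies to connections this host started.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only new connections to the services actually offered.
    for p in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Segments that belong to no known connection are never worth answering.
    echo "iptables -A INPUT -m state --state INVALID -j DROP"
    # Rate-limited log of everything that reaches the catch-all rule,
    # so a scan shows up in the kernel log instead of going unnoticed.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'fw-unwanted: '"
    if [ "$mode" = drop ]; then
        echo "iptables -A INPUT -j DROP"
    else
        echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
        echo "iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable"
    fi
}

# What a SYN scanner infers from the host's reaction to one probe.
# Constructed mapping, using the usual scanner vocabulary:
#   syn-ack      -> a service accepted the handshake
#   rst          -> the TCP stack saw the SYN and refused it (REJECT, or no rule)
#   icmp-unreach -> an intermediate filter or REJECT answered with ICMP
#   none         -> the SYN was silently dropped (DROP)
scan_state() {
    case "$1" in
        syn-ack)      echo open ;;
        rst)          echo closed ;;
        icmp-unreach) echo filtered ;;
        none)         echo filtered ;;
        *)            echo unknown; return 1 ;;
    esac
}

# Stand-alone use: sh fw.sh drop 22 80   (prints the rules; pipe to sh as root to apply)
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Both modes leave the unused ports unreachable; the DROP variant is the one that makes a scan of "closed" ports show nothing at all, which is what the original poster asked for, at the cost of legitimate clients on those ports waiting for a timeout instead of getting an immediate refusal.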