> Harland Christofferson wrote:
> i have had a firewall configured to drop inbound packets on ports
> that i am not using via iptables. i ran a port scanning utility from
> an external machine. the utility detected that, although the ports
> were _closed_, the ports still responded to the port scan utility.
> i suspect that data destined for these _closed_ ports is being put
> in the TCP/UDP stack. i further suspect that malicious code could
> take advantage of bugs in the stack if there are any. i wish to be
> able to _block_ these ports entirely. i do not have the services
> running in the /etc/inetd.conf file.
>
> how may i do this? i have read some firewalling howtos but the ones
> i have read refer to iptables (or ipchains). by the way, i am running
> a 2.4.18 kernel.

In your iptables script, when specifying an action with "-j" use "-j DROP" instead of "-j REJECT". This will silently drop the packet without sending a SYN,RST? packet back to the TCP client.

Note that if you're scanning your machine across the internet, your ISP's firewall may be set to reject some packets on some ports, eg, a lot of ISPs reject incoming packets to their customers on port 80 to stop them running a webserver, and port 139 to stop the spread of windows NETBIOS worms. In these cases, nmap would show a port as closed, but your machine never actually received the open connection packet in the first place.

-- Just something to be aware of.

Jason

----
Message posted via www.linuxforums.org - GNU/Linux community forums.
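As an added example (not from the thread above), here is a minimal stateful iptables script for a 2.4-series kernel that puts the reply's advice into practice: the INPUT chain defaults to DROP and the final catch-all rule is DROP, so unused ports never answer a probe at all, whereas a REJECT rule (shown only for contrast via the `reject` mode) sends a TCP RST or an ICMP port-unreachable back to the sender. The script assumes the `iptables` binary is in `$PATH`, that the `ip_conntrack`/`ipt_state` modules are available, and that SSH on port 22 is the one service to keep reachable; the `DRY_RUN` mode and the `render_policy` helper are my additions so the rule set can be previewed without root.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumptions: iptables in $PATH, ip_conntrack/ipt_state available (standard on 2.4.x),
# SSH on tcp/22 is the only service that should accept new connections.
# Usage:  sh fw.sh preview           (print the commands, no root needed)
#         sudo sh fw.sh apply        (install the DROP policy)
#         sh fw.sh preview reject    (show the REJECT variant for comparison)

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-0}"

# run: execute an iptables command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# apply_policy [drop|reject]: install the rule set.  Anything not explicitly
# accepted reaches the last rule.  In "drop" mode that rule (and the chain's
# default policy) is DROP, so no RST and no ICMP port-unreachable ever leaves
# the host for an unused port; a scanner just times out.  "reject" mode is the
# behaviour the reply advises against: the probe gets an immediate answer.
apply_policy() {
    mode="${1:-drop}"
    run -F INPUT
    run -P INPUT DROP                 # default policy: silently discard
    run -P FORWARD DROP
    run -P OUTPUT ACCEPT
    run -A INPUT -i lo -j ACCEPT      # local traffic is always fine
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT -m state --state INVALID -j DROP
    run -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    case "$mode" in
        drop)
            run -A INPUT -j DROP ;;
        reject)
            run -A INPUT -p tcp -j REJECT --reject-with tcp-reset   # TCP RST back
            run -A INPUT -j REJECT ;;                               # ICMP port-unreachable
        *)
            echo "unknown mode: $mode" >&2; return 1 ;;
    esac
}

# render_policy [mode]: print the rule set in a subshell with DRY_RUN forced on,
# for review before applying (and for checking that no REJECT sneaks in).
render_policy() (
    DRY_RUN=1
    apply_policy "$@"
)

case "${1:-}" in
    preview) render_policy "${2:-drop}" ;;
    apply)   apply_policy  "${2:-drop}" ;;
esac
```

Run the preview first and read the output; the only thing a remote probe of an unused port should ever hit is `-P INPUT DROP` or the final `-A INPUT -j DROP`. The trade-off to keep in mind is operational rather than security-related: DROP makes legitimate connection attempts to closed ports hang until the client times out, while REJECT fails them instantly.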