> Message: 3
> Date: Wed, 25 Sep 2013 13:20:12 +1200
> From: Jason Haar <jason_h...@trimble.com>
> Subject: Re: [Openvpn-users] Possible to drop port scan packets?
> To: openvpn-users@lists.sourceforge.net
> Message-ID: <52423a4c.8070...@trimble.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On 25/09/13 11:16, jack seth wrote:
>> Thanks for the response. Yes I have that implemented. I am running
>> both a TCP and UDP server. Of course it is the TCP that is replying.
>> Actually the port is listed as 'closed' but I want it to appear as
>> 'stealth' (i.e. no response).
>
> Just to reiterate - you can't do that with any TCP application. By
> *definition*, TCP/IP requires a 3-way packet transaction before any
> client (like openvpn client) can even begin to talk to it. So if you
> want openvpn to run over TCP, then you have to accept that anyone can
> "know" you have something running on that port. Of course, they won't be
> able to tell just what TCP service is running on it (it isn't smtp,
> http, https, etc) - but they will know something's there
>
> PS: either your scanner is broken, or you actually don't have it running
> on TCP. If scanning a TCP port returns "closed", that 100% means
> there's nothing running on it (ignoring firewall rules that limit by ip
> address). It *must* return "open" for any of your openvpn clients to
> ever be able to use it
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Yeah, I would have thought it would be 'open' too but it says 'closed'. It has been a while since I have tested this from outside my lan. I'll test it again to be sure it is working but it used to work and I haven't made any config changes. In a way this partially prompted the original question because if the scan says 'closed' why can't openvpn just not respond. BTW, it's not my scanner, it's a scan that many, many people have used. :)
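
The three scan results discussed in this thread ('open', 'closed', 'stealth'), shown as an added example that is not part of the original messages: a connect-style check you can run against your own server to see which state a TCP port reports. The function names and the loopback demo are assumptions made for illustration.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=1.0):
    """Classify one TCP port the way a connect-style scan reports it.

    'open'     -> 3-way handshake completed, so a listener exists
    'closed'   -> the host answered the SYN with RST: reachable, no listener
    'filtered' -> no answer before the timeout (what scanners call 'stealth');
                  this comes from a packet filter dropping the SYN, not from
                  the application bound to the port
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))  # returns an errno instead of raising
    finally:
        s.close()
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    if rc in (errno.EAGAIN, errno.EWOULDBLOCK, errno.ETIMEDOUT):
        return "filtered"
    return "error:" + errno.errorcode.get(rc, str(rc))


def demo_local():
    """Constructed offline demo: the same loopback port with and without a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = tcp_port_state("127.0.0.1", port)
    srv.close()
    without_listener = tcp_port_state("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo_local())
```

A port that a TCP client can actually connect to reports 'open'; 'closed' or 'filtered' from outside the LAN means the SYN is not reaching a listener on that address and port.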