Yes, but the problem is that they are shaping on the perimeter, so
I cannot rewrite incoming packets, and they will still have a low
priority... or am I wrong?
Regards,
Robert Varga
On Mon, 2 Feb 2004, Dariush Pietrzak wrote:
> > Is there some way to override this? :-)
> You can edit packets
hi
In fact I really know nothing about TCP ports (except that they are addresses for the transport layer).
I want to know what they actually mean and how I can open and close them.
could you help me?
thanks
On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> No, with REJECT they would show up as "closed". DROP produces "filtered".
FWIW, you also need "--reject-with tcp-reset" to fool nmap.
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net
On the 12451st day after Epoch,
Richard Atterer wrote:
> On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
>> No, with REJECT they would show up as "closed". DROP produces "filtered".
>
> FWIW, you also need "--reject-with tcp-reset" to fool nmap.
But I think DROP is the best way
François TOURDE wrote:
> But I think DROP is the best way, 'cause it slow down NMAP or other
> sniffers.
nmap is not a sniffer but a portscanner. It's true that nmap is slowed
down by DROP but this doesn't improve security very much and can have
some annoying side effects (i.e. timeouts with ide
* Quoting François TOURDE ([EMAIL PROTECTED]):
> But I think DROP is the best way, 'cause it slow down NMAP or other
> sniffers. Sniffers must wait packet timeout, then retry, then wait,
> etc.
You're fooling yourself. What prevents sniffers from
sending multiple packets at once[0]? And you're
brea
On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> > Those ports are not showing up as open. 'Filtered' does not mean open.
> > If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
> > this exact behavior, with nothing listening on these ports.
>
> No, with REJE
In article <[EMAIL PROTECTED]> you wrote:
> In fact I really know nothing about TCP ports (except that they are addresses for
> the transport layer)
Try a TCP/IP Primer. E.g. Chapter 10 on www.ipprimer.com
Essentially a Port is used to allow
a) different services on the same host (separated by the server's li
On Tue, Feb 03, 2004 at 02:09:42PM +0100, François TOURDE wrote:
> On the 12451st day after Epoch,
> Richard Atterer wrote:
>
> > On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> >> No, with REJECT they would show up as "closed". DROP produces "filtered".
> >
> > FWIW, you also
On the 12451st day after Epoch,
Rolf Kutz wrote:
> * Quoting François TOURDE ([EMAIL PROTECTED]):
>
>> But I think DROP is the best way, 'cause it slow down NMAP or other
>> sniffers. Sniffers must wait packet timeout, then retry, then wait,
>> etc.
>
> You're fooling yourself. What prevents sniff
On Tue, 03 Feb 2004 at 08:55:51AM -0500, Philipp Schulte wrote:
> nmap is not a sniffer but a portscanner. It's true that nmap is slowed
> down by DROP but this doesn't improve security very much and can have
> some annoying side effects (i.e. timeouts with ident-lookups).
$IPTABLES -A ETH0-IN -p
On Tue, 03 Feb 2004 at 09:03:31AM -0500, Rolf Kutz wrote:
> You're fooling yourself. What prevents sniffers from
> sending multiple packets at once[0]? And you're
> breaking the TCP-Protocol, which makes debugging
> much harder.
As mentioned before, it
* Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
>
> As mentioned before, it is a port-scanner. Anyhow, TCP-Reset can turn
Ack.
> an asymmetric DoS attack/flood (one-way) into a symmetric DoS/flood
> because now your host is generating traffic by replying to these
> otherwise useless packets.
Hello Phillip,
Tuesday, February 3, 2004, 10:42:03 PM, you wrote:
PH> On Tue, 03 Feb 2004 at 08:55:51AM -0500, Philipp Schulte wrote:
>> nmap is not a sniffer but a portscanner. It's true that nmap is slowed
>> down by DROP but this doesn't improve security very much and can have
>> some annoying
On Tue, Feb 03, 2004 at 03:48:46PM +0100, François TOURDE wrote:
>Ok, but I don't want somebody to debug on *my* machine. It's only allowed
>for me :)
As long as your machine is working, I guess you don't need to debug it!
// George
--
George Georgalis, Admin/Architect cell: 646-331-2027
Li
Greetings Rolf,
On Tue, 03 Feb 2004 at 06:11:34PM -0500, Rolf Kutz wrote:
> > TCP-Reset..I know. I am not one that enjoys people breaking RFCs, but
> > in this case it does make *some* sense. If someone is randomly port
> > scanning class C's and th
On the 12452nd day after Epoch,
George Georgalis wrote:
> On Tue, Feb 03, 2004 at 03:48:46PM +0100, François TOURDE wrote:
>>Ok, but I don't want somebody to debug on *my* machine. It's only allowed
>>for me :)
>
> As long as your machine is working, I guess you don't need to debug
> it!
Right! So