Mailinglist Archive: opensuse-security (556 mails)
Re: [suse-security] filtering ports
- From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
- Date: Wed, 26 Sep 2001 14:56:46 -0600
- Message-id: <008d01c146cd$c18d7dc0$6400030a@xxxxxxxxxxxx>
> Hi all,
>
> I use iptables as a firewall on my local machine to filter any incoming
> connections on some ports I want to protect. I have tested this with one
> single port and then run a portscan on that machine. nmap was not able to
> connect to that protected port but it marked the port as "filtered". How can
> I prevent this? nmap should not be able to see if and which ports are
> filtered. I have tried with DENY and REJECT but got the same report.
Make sure you don't send out ICMP unreachables. Hint: man iptables. Double
hint: DROP. Damn those man pages and their documentation! ;)
> Thanx
> Michael
Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
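
How a TCP SYN scan would label the port under each iptables target mentioned in this thread, as an added model that is not part of the original mail. Port 8080, the rule strings and the simplified classification (based on nmap's documented open/closed/filtered states) are assumptions, and nothing is sent on the network.

```python
"""Added example: models how a TCP SYN scan labels one port under the
iptables targets discussed in the thread. Port 8080 and the rule strings
are constructed samples; nothing is sent on the network."""
from enum import Enum

class Reply(Enum):
    SYN_ACK = "SYN/ACK from a listening service"
    RST = "TCP RST"
    ICMP_UNREACH = "ICMP type 3 (destination unreachable)"
    NONE = "no reply before the probe times out"

# Constructed sample rules for one protected port.
RULES = {
    "REJECT": "iptables -A INPUT -p tcp --dport 8080 -j REJECT",
    "DROP": "iptables -A INPUT -p tcp --dport 8080 -j DROP",
    "REJECT-RST": "iptables -A INPUT -p tcp --dport 8080 "
                  "-j REJECT --reject-with tcp-reset",
    "ACCEPT": "iptables -A INPUT -p tcp --dport 8080 -j ACCEPT",
}

def firewall_reply(target: str, listening: bool = True) -> Reply:
    """What the scanner receives after sending a SYN to the port."""
    if target == "REJECT":       # default reject type is icmp-port-unreachable
        return Reply.ICMP_UNREACH
    if target == "DROP":         # packet discarded, nothing sent back
        return Reply.NONE
    if target == "REJECT-RST":   # firewall answers the way a closed port would
        return Reply.RST
    if target == "ACCEPT":       # SYN reaches the TCP stack
        return Reply.SYN_ACK if listening else Reply.RST
    raise ValueError(f"unknown target: {target}")

def scan_state(reply: Reply) -> str:
    """Simplified SYN-scan classification following nmap's documented states."""
    if reply is Reply.SYN_ACK:
        return "open"
    if reply is Reply.RST:
        return "closed"
    return "filtered"            # ICMP unreachable and silence both land here

def report() -> dict:
    """Scanner-visible state for each sample rule, service listening."""
    return {t: scan_state(firewall_reply(t)) for t in RULES}

if __name__ == "__main__":
    for target, state in report().items():
        print(f"{state:9} {RULES[target]}")
```

In this model only a TCP RST makes the protected port indistinguishable from an ordinary closed one; an ICMP unreachable and a silent drop both end up reported as filtered.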