Well, when I do a port scan and have DENY in the firewall rules, I get the message that the port is in a filtered state. Maybe this is just my thinking, but if it's filtered, then there must be a daemon listening on that port. Why would I filter access to the port if there is nothing listening on that port? So I use REJECT so that the port does not even show up as filtered but rather closed. And just because the port is unfiltered doesn't mean that someone cannot connect to it. Telnet, ftp, ssh, etc. can all be blocked with /etc/hosts.allow, and I use this, along with ipchains/iptables rules, to block access as well.

On Thu, 6 Sep 2001, Anders Johansson wrote:
What does that mean? How can anyone tell which ports have programs listening on them, if the firewall has DENY on all ports? And if by open you mean unfiltered, why wouldn't they be able to connect to them?
Anders
On Thursday 06 September 2001 19.06, dog@intop.net wrote:
You can use a REJECT instead of DENY for the ipchains rule and your machine will not appear to even be online. If you use the DENY rule, they can still tell what ports you have open, but cannot connect to them.
On Thu, 6 Sep 2001, maf king wrote:
On 2001.09.06 17:06:59 +0100 Radu Anghel wrote:
Hi,
Got an IP which is scanning during the night (an internet cafe sez pcnet). How can I block all the ports for this IP?
Many thanks,
Radu
1. What kernel version are you using? It makes a difference for the command to use.
2. Make sure you have ipchains (2.2.x) or iptables (2.4.x) installed.
Issue a command (as root) along the lines of:
iptables -I INPUT 1 -s addr.of.bad.ip -j DROP
(for 2.4.x)
See man iptables for an explanation of this.
If you are on a 2.2.x kernel, use
ipchains -I input 1 -s bad.ip.add.ress -j DENY
NOTE: this doesn't stop them scanning, it just stops you from replying!
HTH Maf
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
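To see from a second machine how a rule on your own host answers, here is an added example (not part of the original thread) that classifies one TCP connect attempt as accepted, actively refused, or left unanswered until it times out. The names `classify_port` and `demo` and the loopback sockets are assumptions made for the illustration.

```python
import socket


def classify_port(host, port, timeout=2.0):
    """Make one TCP connect attempt and name the outcome as a scan report would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: a daemon accepted the connection
    except ConnectionRefusedError:
        return "closed"        # the attempt was actively refused
    except socket.timeout:
        return "filtered"      # no answer at all: the packet was silently discarded
    except OSError:
        return "unreachable"   # any other failure, e.g. no route to the host
    finally:
        s.close()


def demo():
    """Constructed loopback targets: one listening socket, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))          # reserves a port that nothing listens on
    try:
        return (
            classify_port("127.0.0.1", listener.getsockname()[1]),
            classify_port("127.0.0.1", idle.getsockname()[1]),
        )
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    # The "filtered" outcome needs a DENY/DROP rule in the path, so it cannot be
    # reproduced on loopback without changing firewall rules.
    print(demo())
```

Run it against the address of your own firewalled host before and after inserting a rule to compare the result.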