Re: HELP ME
From: Marc Rogers (marcr@closed-networks.com)
Date: 05/16/02
Date: Thu, 16 May 2002 13:08:05 +0100
From: Marc Rogers <marcr@closed-networks.com>
To: mohammad mirzaeenasir <hezare3@hotmail.com>
The obvious option is for you to place a firewall (either locally, or another
machine) between the internet and your machine. By firewalling transparently
either by using a stealth firewall or a totally transparent firewall, any
attackers that try to connect to firewalled ports will get timeouts.
[The firewall should be configured to drop offending packets silently, as any
politeness, such as informing the source that the destination is administratively
blocked, will betray the firewall.]
To be honest, you probably don't have a lot to gain. The vast majority of scanning
that goes on out on the net is automated to some extent. This means unless
the tool is unable to route to your machine at all, it will still try
to scan every port it has been instructed to check. The presence of even a
single open (or closed / filtered) port (mail, ssh, web, etc.) will betray the
existence of a firewalled machine.
I guess the success of this depends entirely on who is going to be using
your machine. If there are no public services, then by using a "denied unless
explicitly permitted" approach you will achieve a fairly good result.
Hope this helps
Marc Rogers
Senior Systems Administrator
Systems Architect
Vizzavi
On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
>
> DEAR STAFF,
>
> HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK
> DAEMON IN "INETD.CONF" AND I DISABLED "INETD" IN "RC.CONF". SO, IF SOMEONE
> TRY TO FTP MY UNIX BOX IT WILL BE RECEIVED "CONNECTION REFUSED".
>
> BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT CAN I
> DO IF SOME TCP CONNECTION RECEIVE TO MY BOX, THE KERNEL IGNORE IT AND
> THE REMOTE MACHINE WILL RECEIVE THE "CONNECTION TIMED OUT". IN THIS WAY
> THE CRACKER FIGURE OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> SCAN OTHER NETWORK PORTS.
>
> THANK YOU VERY MUCH
> MOHAMMAD
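Added example, not part of Marc Rogers' message or the original post: a "denied unless explicitly permitted" ipfw ruleset that drops silently, as the reply describes, plus a check that flags rules which answer the sender. The client network 192.0.2.0/24, Squid on port 3128, the rule numbers and the function names are assumptions; by default the script only prints the ipfw commands.

```shell
#!/bin/sh
# Dry run by default: the ipfw commands are printed, not executed.
# On a FreeBSD host, run with IPFW=/sbin/ipfw to load the rules.
IPFW="${IPFW:-echo ipfw}"

# build_rules CLIENT_NET SERVICE_PORT
# Both arguments are assumptions for illustration (e.g. Squid on 3128).
build_rules() {
    clients="$1"; port="$2"
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 200 check-state
    # Traffic originated by the box itself (cache fetches, DNS lookups).
    $IPFW add 300 allow tcp from me to any setup keep-state
    $IPFW add 310 allow udp from me to any 53 keep-state
    # The one explicitly permitted inbound service.
    $IPFW add 400 allow tcp from "$clients" to me "$port" setup keep-state
    # Everything else: "deny" discards the packet without replying, so a
    # remote connect() times out. The noisy alternatives would be
    #   reset tcp from any to me                 (RST, "connection refused")
    #   unreach filter-prohib ip from any to me  (ICMP administratively prohibited)
    $IPFW add 65000 deny ip from any to any
}

# audit_rules: read rules in ipfw syntax on stdin ("ipfw add N ..." or
# "ipfw list" output) and print those whose action answers the sender.
# Exit status is 1 if any such rule was found, 0 otherwise.
audit_rules() {
    awk '{
        for (i = 1; i <= NF && i <= 4; i++)
            if ($i == "reset" || $i == "reject" || $i == "unreach") {
                print; bad = 1; break
            }
    }
    END { exit bad + 0 }'
}

# Constructed sample values; override with two arguments.
build_rules "${1:-192.0.2.0/24}" "${2:-3128}"
```

As the reply notes, the permitted port still answers, so this hides only the ports that fall through to the final deny rule.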