Re: HELP ME

From: Marc Rogers (marcr@closed-networks.com)
Date: 05/16/02


Date: Thu, 16 May 2002 13:08:05 +0100
From: Marc Rogers <marcr@closed-networks.com>
To: mohammad mirzaeenasir <hezare3@hotmail.com>


The obvious option is for you to place a firewall (either locally, or on another
machine) between the internet and your machine. By firewalling transparently,
either by using a stealth firewall or a totally transparent firewall, any
attackers that try to connect to firewalled ports will get timeouts.

[The firewall should be configured to drop offending packets silently, as any
politeness, such as informing the source that the destination is administratively
blocked, will betray the firewall.]

To be honest you probably don't have a lot to gain. The vast majority of scanning
that goes on out on the net is automated to some extent. This means unless
the tool is unable to route to your machine at all, it will still try
to scan every port it has been instructed to check. The presence of even a
single open (or closed / filtered) port (mail, ssh, web, etc.) will betray the
existence of a firewalled machine.

 I guess the success of this depends entirely on who is going to be using
your machine. If there are no public services, then by using a "denied unless
explicitly permitted" approach you will achieve a fairly good result.

Hope this helps

Marc Rogers
Senior Systems Administrator
Systems Architect
Vizzavi
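The advice above (drop silently rather than reject, and deny everything unless explicitly permitted) expressed as a pf ruleset. This is an added example for the thread, not a configuration posted by Marc or by the original poster; the interface name, the trusted network, and the use of Squid's default port 3128 are assumptions chosen to match the poster's setup.

```pf
# Added example (not from the original thread): default-deny pf ruleset for a
# host that runs only Squid for one trusted network. Interface, network and
# port are assumptions; 192.0.2.0/24 is a constructed documentation prefix.
ext_if      = "fxp0"
trusted_net = "192.0.2.0/24"
squid_port  = "3128"

# The "polite" setting Marc warns against: "block return" answers every
# unwanted SYN with a TCP RST (ICMP unreachable for UDP), which tells a
# scanner that a live, filtered host sits at this address.
# set block-policy return

# The setting he recommends: drop silently, so unsolicited probes time out
# and the address looks the same as one with nothing behind it.
set block-policy drop

# Denied unless explicitly permitted: nothing in, nothing out, by default.
block in all
block out all

# Let the host's own outbound traffic through and track its replies
# statefully, so the only inbound packets accepted without a rule are
# answers to connections this host started.
pass out on $ext_if proto { tcp udp icmp } from ($ext_if) to any keep state

# The one explicitly permitted inbound service: Squid, and only from the
# trusted network. Every other port and every other source is dropped.
pass in on $ext_if proto tcp from $trusted_net to ($ext_if) \
    port $squid_port flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and inspect the loaded rules with `pfctl -sr`. Marc's caveat still applies: a scanner on the trusted network that finds port 3128 open has learned that a filtered host exists, so the silent drop only hides the machine from addresses that are allowed nothing at all.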

On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
>
> DEAR STAFF,
>
> HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK
> DAEMON IN "INETD.CONF" AND I DISABLED "INETD" IN "RC.CONF". SO, IF SOMEONE
> TRIES TO FTP MY UNIX BOX, IT WILL RECEIVE "CONNECTION REFUSED".
>
> BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT I CAN
> DO SO THAT IF SOME TCP CONNECTION ARRIVES AT MY BOX, THE KERNEL IGNORES IT AND
> THE REMOTE MACHINE WILL RECEIVE "CONNECTION TIMED OUT". IN THIS WAY
> THE CRACKER FIGURES OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> SCAN OTHER NETWORK PORTS.
>
>
> THANK YOU VERY MUCH
> MOHAMMAD
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
