Re: HELP ME

From: Baldur Gislason (baldur@foo.is)
Date: 05/16/02


From: Baldur Gislason <baldur@foo.is>
To: Marc Rogers <marcr@closed-networks.com>
Date: Thu, 16 May 2002 18:13:04 +0000

There's also a sysctl value, net.inet.tcp.blackhole, that if set to 1 will
make the kernel ignore packets coming to closed ports rather than sending a
packet back with the RST flag set.

Baldur

On Thursday 16 May 2002 12:08, you wrote:
> The obvious option is for you to place a firewall (either locally, or
> another machine) between the internet and your machine. By firewalling
> transparently either by using a stealth firewall or a totally transparent
> firewall any attackers that try to connect to firewalled ports will get
> timeouts.
>
> [The firewall should be configured to drop offending packets silently, as
> any politeness, such as informing the source that the destination is
> administratively blocked will betray the firewall]
>
> To be honest you probably don't have a lot to gain. The vast majority of
> scanning that goes on out on the net is automated to some extent. This
> means unless the tool is unable to route to your machine at all, it will
> still try to scan every port it has been instructed to check. The presence
> of even a single open (or closed / filtered) port (mail, ssh, web etc.) will
> betray the existence of a firewalled machine.
>
> I guess the success of this depends entirely on who is going to be using
> your machine. If there are no public services, then by using a "denied
> unless explicitly permitted" approach you will achieve a fairly good
> result.
>
>
> Hope this helps
>
>
>
>
> Marc Rogers
> Senior Systems Administrator
> Systems Architect
> Vizzavi
>
> On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> > DEAR STAFF,
> >
> > HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED THE NETWORK
> > DAEMONS IN "INETD.CONF" AND I DISABLED "INETD" IN "RC.CONF". SO, IF SOMEONE
> > TRIES TO FTP TO MY UNIX BOX THEY WILL RECEIVE "CONNECTION REFUSED".
> >
> > BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME FIND OUT WHAT I CAN
> > DO SO THAT IF SOME TCP CONNECTION ARRIVES AT MY BOX, THE KERNEL IGNORES IT AND
> > THE REMOTE MACHINE RECEIVES "CONNECTION TIMED OUT". IN THIS WAY
> > THE CRACKER FIGURES OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> > SCAN OTHER NETWORK PORTS.
> >
> >
> > THANK YOU VERY MUCH
> > MOHAMMAD
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message



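The thread's two points, Baldur's net.inet.tcp.blackhole sysctl and Marc's caveat that a silent drop only turns "closed" into "filtered" while any open service still answers, can be checked with a small audit script. The following is an added example, not code from the thread or from FreeBSD itself. It reads the "name: value" lines that sysctl(8) prints (on a real host, pipe `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole` into it), flags values that still let the kernel send RST or ICMP replies, and prints the /etc/sysctl.conf lines that make the setting survive a reboot. The sample input at the bottom is constructed so the script runs anywhere; the value 2 for tcp.blackhole and the net.inet.udp.blackhole sysctl come from blackhole(4), which goes beyond the value 1 mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Audits the FreeBSD blackhole sysctls
# and emits the sysctl.conf lines that make them persistent.

# audit_blackhole: reads sysctl lines ("oid: value") on stdin and prints one
# verdict per blackhole oid: "<oid> <value> ok|WEAK".
#   net.inet.tcp.blackhole 1 -> SYNs to closed TCP ports are dropped instead
#                               of answered with RST; 2 -> all segments to
#                               closed ports are dropped (blackhole(4)).
#   net.inet.udp.blackhole 1 -> datagrams to closed UDP ports are dropped
#                               instead of answered with ICMP unreachable.
# Any other value leaves the replies on, so a remote host sees "closed"
# rather than a timeout. Unrelated oids are ignored.
audit_blackhole() {
    while IFS= read -r line; do
        oid=${line%%:*}
        val=$(printf '%s' "${line#*:}" | tr -d ' ')
        case "$oid:$val" in
            net.inet.tcp.blackhole:1|net.inet.tcp.blackhole:2) verdict=ok ;;
            net.inet.udp.blackhole:1)                          verdict=ok ;;
            net.inet.tcp.blackhole:*|net.inet.udp.blackhole:*) verdict=WEAK ;;
            *) continue ;;
        esac
        printf '%s %s %s\n' "$oid" "$val" "$verdict"
    done
}

# sysctl_conf_lines: prints the lines to append to /etc/sysctl.conf.
# `sysctl net.inet.tcp.blackhole=2` alone only changes the running kernel.
sysctl_conf_lines() {
    printf 'net.inet.tcp.blackhole=2\nnet.inet.udp.blackhole=1\n'
}

# Constructed sample of sysctl output from a host that has not set anything;
# the third line shows that unrelated oids pass through untouched.
sample='net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 0
net.inet.ip.forwarding: 0'

printf '%s\n' "$sample" | audit_blackhole
sysctl_conf_lines
```

Two caveats worth keeping in mind. First, as Marc notes, this only changes how closed ports look: the Squid port itself (or any other open service) still completes a handshake, so the host is not hidden, only its closed ports are. Second, blackholing applies to the whole host; if a firewall is preferred, ipfw's `deny` action already drops silently, whereas `reset` and `unreach` send the "polite" replies the thread warns against.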