Re: Differences between closed and filtered ports
From: Timothy.Lyons@predictive.com
Date: 11/14/01
To: Bandi <05.08@web.de>
Subject: Re: Differences between closed and filtered ports
From: Timothy.Lyons@predictive.com
Message-ID: <OFB4BF8C41.6B861252-ON85256B04.0072E63F@predictive.com>
Date: Wed, 14 Nov 2001 16:06:31 -0500
Try using REJECT instead of DENY. It makes the box look "dumber" when
being scanned.
You might also want to filter outbound ICMP destination/port Unreachable
Messages.
--Tim
Bandi <05.08@web.de>
11/13/2001 11:47
To: SECURITY-BASICS@SECURITYFOCUS.COM
cc:
Subject: Differences between closed and filtered ports
Hello friends!
I recently thought about the following. If a port is closed the host
refuses the connection. What exactly does the host respond?
If you filter a port e.g. with ipchains and you say that any traffic to
that port shall be denied, the host will (of course) not respond, so that
any portscanner is able to see it's filtered and not closed.
Here are my two questions:
Is it necessary that the host responds on a closed port (couldn't that be
managed in some way with timeouts)?
Could you suggest a way to make ipchains act like a port was closed when
filtering it, so that a portscanner from certain machines wouldn't notice
the firewall?
Thanks in advance
Bandi
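
Added example (not part of the original thread): a small Python classifier for what comes back when a SYN is sent to a port, for checking from a test host how your own filter rules look from outside. The sample packets are constructed inline, the function names are hypothetical, and it assumes a closed port answers with a TCP RST, a DENY rule answers with nothing, and a REJECT rule answers with an ICMP destination unreachable message.

```python
import struct

def ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return hdr + payload

def tcp(flags):
    """Constructed sample: 20-byte TCP header from port 23 with given flags."""
    return struct.pack("!HHIIBBHHH", 23, 40000, 0, 1, 5 << 4, flags, 0, 0, 0)

def icmp(icmp_type, code):
    """Constructed sample: 8-byte ICMP header (checksum left 0)."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)

def classify_reply(packet):
    """Map the reply to a SYN probe (raw IPv4 bytes, or None) to a port state."""
    if packet is None:
        return "filtered (no reply)"          # silent drop, e.g. DENY
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "unknown"
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == 6 and len(body) >= 14:        # TCP: flags live at offset 13
        flags = body[13]
        if flags & 0x04:                      # RST set: nothing is listening
            return "closed"
        if flags & 0x12 == 0x12:              # SYN+ACK: a service answered
            return "open"
    if proto == 1 and len(body) >= 2 and body[0] == 3:
        # ICMP type 3 (destination unreachable): a filter announced itself
        return "filtered (ICMP unreachable code %d)" % body[1]
    return "unknown"

if __name__ == "__main__":
    samples = {
        "RST+ACK": ipv4(6, tcp(0x14)),
        "SYN+ACK": ipv4(6, tcp(0x12)),
        "ICMP 3/3": ipv4(1, icmp(3, 3)),
        "timeout": None,
    }
    for name, pkt in samples.items():
        print(name, "->", classify_reply(pkt))
```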