Re: Differences between closed and filtered ports

From: Timothy.Lyons@predictive.com
Date: 11/14/01


To: Bandi <05.08@web.de>
Subject: Re: Differences between closed and filtered ports
From: Timothy.Lyons@predictive.com
Message-ID: <OFB4BF8C41.6B861252-ON85256B04.0072E63F@predictive.com>
Date: Wed, 14 Nov 2001 16:06:31 -0500

Try using REJECT instead of DENY. It makes the box look "dumber" when
being scanned.
You might also want to filter outbound ICMP destination/port Unreachable
Messages.

--Tim

Bandi <05.08@web.de>
11/13/2001 11:47

 
        To: SECURITY-BASICS@SECURITYFOCUS.COM
        cc:
        Subject: Differences between closed and filtered ports

Hello friends!

I recently thought about the following. If a port is closed the host
refuses the connection. What does the host exactly response?
If you filter a port e.g. with ipchains and you say that any traffic to
that port shall be denied, the host will (of course) not response so that
any portscanner is able to see it's filtered and not closed..
Here my two questions:
Is it necessary that the host responses on a closed port (couldn't that be
managed in some way with timeouts)?
Could you suggest a way to make ipchains act like a port was closed when
filtering it, so that a portscanner from certain machines wouldn't notice
the firewall?

Thanks in advance
Bandi