Re: Differences between closed and filtered ports

From: Timothy.Lyons@predictive.com
Date: 11/14/01


To: Bandi <05.08@web.de>
Subject: Re: Differences between closed and filtered ports
From: Timothy.Lyons@predictive.com
Message-ID: <OFB4BF8C41.6B861252-ON85256B04.0072E63F@predictive.com>
Date: Wed, 14 Nov 2001 16:06:31 -0500

Try using REJECT instead of DENY. It makes the box look "dumber" when
being scanned.
You might also want to filter outbound ICMP destination/port unreachable
messages.

--Tim

Bandi <05.08@web.de>
11/13/2001 11:47
        To: SECURITY-BASICS@SECURITYFOCUS.COM
        cc:
        Subject: Differences between closed and filtered ports

Hello friends!

I recently thought about the following. If a port is closed, the host
refuses the connection. What exactly does the host respond with?
If you filter a port, e.g. with ipchains, and you say that any traffic to
that port shall be denied, the host will (of course) not respond, so that
any portscanner is able to see it's filtered and not closed.
Here are my two questions:
Is it necessary that the host responds on a closed port (couldn't that be
managed in some way with timeouts)?
Could you suggest a way to make ipchains act like a port was closed when
filtering it, so that a portscanner from certain machines wouldn't notice
the firewall?

Thanks in advance
Bandi
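As an added example (not code from Tim's or Bandi's posts), the model below pairs the reply a host sends under each ipchains policy with the port state a scanner then reports, using nmap's published SYN-scan and UDP-scan state rules, so the visible effect of DENY versus REJECT, and of Tim's outbound-ICMP filter, can be checked without a live scan. It assumes ipchains REJECT answers with an ICMP port unreachable (type 3, code 3); the function names and the `drop_out_icmp` switch are my constructions.

```python
# Added example: what a port scanner reports for each host reply, so the
# visible effect of an ipchains DENY/REJECT rule can be checked offline.
# Scanner rules follow nmap's SYN-scan and UDP-scan state tables; the
# firewall model (REJECT answers with ICMP type 3 code 3) is an assumption.

# ICMP destination-unreachable codes that nmap treats as "filtered"
ICMP_UNREACH_CODES = {0, 1, 2, 3, 9, 10, 13}


def host_reply(proto, port_open, policy=None, drop_out_icmp=False):
    """Reply the host emits for one probe.

    policy: None (no firewall rule), "DENY" (silently drop) or "REJECT".
    drop_out_icmp: True if outbound ICMP unreachables are also filtered.
    Returns None for silence, ("tcp", flag), ("udp", "data") or
    ("icmp", type, code).
    """
    if policy == "DENY":
        return None
    if policy == "REJECT":
        return None if drop_out_icmp else ("icmp", 3, 3)
    if proto == "tcp":
        # RFC 793: a closed TCP port answers a SYN with RST
        return ("tcp", "SYN/ACK") if port_open else ("tcp", "RST")
    if port_open:
        return ("udp", "data")  # simplification: an open service that answers
    return None if drop_out_icmp else ("icmp", 3, 3)


def scanner_state(proto, reply):
    """Port state a SYN scan (tcp) or UDP scan (udp) infers from the reply."""
    if reply is None:
        return "filtered" if proto == "tcp" else "open|filtered"
    if reply[0] == "icmp":
        _, icmp_type, code = reply
        if proto == "udp" and icmp_type == 3 and code == 3:
            return "closed"  # port unreachable is how a closed UDP port looks
        # any other unreachable (and anything a SYN scan gets) reads as filtered
        return "filtered" if icmp_type == 3 and code in ICMP_UNREACH_CODES else "filtered"
    if proto == "tcp":
        return "open" if reply[1] == "SYN/ACK" else "closed"
    return "open"


def observed(proto, port_open, policy=None, drop_out_icmp=False):
    """State a scanner sees for a host configured this way."""
    return scanner_state(proto, host_reply(proto, port_open, policy, drop_out_icmp))


if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        for policy in (None, "DENY", "REJECT"):
            print(f"{proto} closed port, policy={policy}: {observed(proto, False, policy)}")
```

The table the script prints shows why the advice works for UDP (REJECT makes a filtered port indistinguishable from a closed one) while a filtered TCP port still differs from a closed one, which answers with RST rather than ICMP.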
