Re: Can I protect my RedHat 7.2 box from port scanning?
From: grindel (grindel1_at_yahoo.com)
Date: Thu, 05 Jun 2003 22:34:50 -0400
Kenneth A Kauffman wrote:
> "Massimo Ciscato" <firstname.lastname@example.org> wrote in message
>> > Get a firewall.
>> > Try to limit the stuff running on your machine.
>> I think that suggesting getting a firewall as the first thing is wrong.
>> I'd rather say that first you should remove all the unnecessary services
>> and close all the ports that you don't need.
>> Then keep up with the latest versions of the software for the services
>> you need to run.
>> If necessary you can install a local firewall like iptables to further
>> your machine.
>> You should focus on the security of the machine and not rely on an
> Regards Massimo -
> I agree, the first measure should be to upgrade necessary services and
> shutdown unnecessary services. You can see really quickly which ports are
> wide open with a netstat -a | grep LISTEN.
> However, a firewall should be used. Whether it is in the form of a simple
> broadband router with NAT or implementing rulesets on the box with
> IPTABLES. *Not* considering a firewall is a poor choice.
> That being said, implementing the first step will go a long way to keep
> intruders out - but the firewall should definitely be the second step of
> your security.
> ken k
I don't agree with the idea of needing a firewall. Your point has merits.
I'm not saying that firewalls aren't good security. However, for a home user
a firewall is an added headache. He can secure his system adequately
by closing any unneeded services, updating his software and, if he wants,
using iptables. The need simply doesn't justify the use of a hardware
Administrating his system well can be just as effective as a hardware
To answer your questions about nmap: you can filter the ports on your system
so that they look stateless to a scanner. (Stateless means that the ports
will not respond to the request and appear stealthed.) If all ports are
stealth, the machine looks like a hole in the internet; it simply doesn't
exist if scanned. However, putting your computer into this condition is not
recommended and may cause unwanted side effects. The best thing to do is to
follow the advice of the others. Update all of your software, including your
kernel. Most importantly, your kernel. Close all services that you are not
using; if you don't have need for a webserver, then shut it down, etc. Last,
set up a packet filtering firewall. After you have done all of this your
computer would be very secure and could be cracked only by the best of
hackers. If you feel this is not secure enough and you think the investment
is worth it, then by all means get a hardware firewall. However, keep in mind
you are only increasing your security by a small measure after you have
accomplished the other steps. Even after installing and configuring a
hardware firewall you are not bulletproof. You can still be hacked.
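The two steps the thread keeps coming back to, finding out which ports are reachable from the network (`netstat -a | grep LISTEN`) and then filtering so that unsolicited probes go unanswered, as an added example that is not part of any post in this thread. The netstat output is constructed, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example (not from the thread): pick the listening TCP ports out of
# netstat-style output, then print an iptables ruleset that drops unsolicited
# inbound packets (the "stealthed" state the post describes) while keeping
# the services you actually want reachable.

# Constructed sample of `netstat -a -n` output, standing in for a live box.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0     52 192.168.1.5:22          192.168.1.9:40122       ESTABLISHED'

# Print TCP ports bound on all interfaces (0.0.0.0) and in LISTEN state,
# one per line, sorted numerically. Loopback-only listeners are skipped
# because a remote scanner cannot reach them anyway.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /^0\.0\.0\.0:/ {
        sub(/.*:/, "", $4); print $4 }' | sort -n
}

# Print iptables commands: default DROP on INPUT (probes get no reply at all,
# which is what makes the host look "stealthed"), allow loopback and replies
# to connections the box itself opened, then accept new connections only on
# the ports listed in $1 (space separated). Everything else is discarded.
# Note the side effect the post warns about: with nothing else allowed,
# inbound ICMP such as ping is dropped too.
stealth_rules() {
    echo 'iptables -P INPUT DROP'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

main() {
    echo "Ports reachable from the network:"
    listening_ports "$SAMPLE_NETSTAT"
    echo "Rules that leave only port 22 answering:"
    stealth_rules "22"
}

main
```

Run it against real output by replacing `SAMPLE_NETSTAT` with `$(netstat -a -n)`, then review the printed rules before applying them.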