Re: iptables and port scan
From: Cedric Blancher (blancher@cartel-securite.fr)
Date: 02/12/02
From: Cedric Blancher <blancher@cartel-securite.fr> Date: Tue, 12 Feb 2002 13:11:21 +0000 (UTC)
In his prose, Lutz Donnerhacke (lutz@iks-jena.de) wrote to us:
> Why is TCP/80 privileged over all other ports, so that accessing TCP/80 on
> any host is not considered illegal while TCP/443, TCP/22 or anything else
> are assumed to be a taliban attack to the free world?
It is not a privileged port, it is an example. But please, stop writing
ILLEGAL all the way... I do not send a horde of Huns against those who
reach ports I do not want to: that is not the point. I block, and I do
not get why I should not.
If I offer HTTPS to the world, be sure it will be mentioned.
> So please, pretty please, describe how to find out which services are
> offered to the internet by a given (random) host.
This is a deaf discussion. To get this, you have to try, yes, sure, all you
want. But, it is not a normal behaviour (not an illegal one, please
notice) to do this. I do not "prosecute" anybody, I just _drop_.
> I'm really sorry, if I did not notice your proposal.
You did not provide me a "good" reason to map all services accessible on
a random host.
> I'd need to know a special service. (I.e. TCP/25 or TCP/1234)
But why? You gave the TCP/25 example: just ask your DNS...
cbr@elendil:~$ host -t MX cartel-securite.fr
cartel-securite.fr MX 5 smtp.cartel-info.fr
No portscan.
> How do I find out that information without requiring services not related
> to my primary goal I do not have a permit for? How do I determine if you
> offer FTP or SSH services?
Your ISP offers you DNS service. With this service, you can reach my
DNS and my SMTP. You can ask for a website, using www on my domain. On
this website, you'll find links. If I offer CVS to the public, it will be
mentioned, if I offer FTP, it will be mentioned, and so on.
If I want you to access a restricted area using FTP or SSH, I will
personally email you to give you access, login and pass.
> I found an A record for your hostname. Which services can I derive from
> this?
The only reference for the services I offer to anonymous users is my website.
My website is called www. Was it so difficult to find?
Now, just notice. I drop packets, but I do not prosecute anybody and I
do not block portscans. Feel free to scan hosts and find services you
like, you just won't be able to use them because they are restricted. So
please discuss illegal things, Taliban attacks and stuff.
But do not tell me you had a good reason to find a restricted HTTPS
server.
>>My english is hopefully not good enough to let me translate what I think
>>of such a link as an illustration of "clickable links".
> Please feel free to do it in French.
You are taking the piss.
-- 
> Please be kind enough to keep "Hordes" or "sheep" in the subject of your
> "moronic" threads; that way, I can ask OE to filter them.
-+- NM in Guide du linuxien pervers - "Bien configurer sa secrétaire"