Re: Making a box disappear

From: misase_kim (mkim@none.de)
Date: 04/10/02


From: misase_kim <mkim@none.de>
Date: Tue, 09 Apr 2002 22:02:28 GMT

If you are only serving ftp then what about binding to another obscure
port. And a drop will give a host not found.

nihil wrote:

> I have a semi-theoretical question I was hoping to discuss.
>
> I have a fairly common setup, cable modem inbound to a linux 2.4.x box
> with a local lan. The linux box serves out SSH, ftp, imap, smtp, and
> http connections, though none of them are designed to be public. (in
> case anyone tracks me down, they are used for remote access, which is
> fair under my AUP)
>
> In most cases I do not want to filter so stringently that I cannot
> touch the box from wherever I want. And I still want to be able to
> allow selected people 1-time download access via ftp (through a nice
> chrooted ftp account). However, I prefer to stay off everyone's
> radar.
>
> Plus, I'm curious if I can do this. Here is the idea (somewhat stolen
> from other postings I've seen here):
>
> When you open a shoebox, if it's empty, you expect to see the bottom of
> a shoebox. If you open it and see a black hole of nothingness, you
> know something is up.
>
> So, when someone scans me, or hits a service from a box I decided I
> didn't like, instead of doing a DROP on iptables, I want to do a
> REJECT. Then presumably, on the way out, I would like to SNAT it to
> my ISP's router, turning it from a "Port Unavailable" (Host alive, but
> rejected) to a "Host Unavailable" (Host not found).
>
> I'm still doing the research to pull it off, but I was curious if
> anyone has ever tried (or succeeded in) doing this. Or if you think
> it will break things.
>
> Which it might. A scan of the box (while portsentry is off) would
> return a bunch of "Host Unavailable" responses next to some valid
> services. I don't see any problems right now, but together with some
> nice packet flag/conntrack rules, I should be able to completely
> disappear from nmap et al.
>
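Added example of the iptables side of the REJECT-vs-DROP idea discussed above; it is not code from either poster. The REJECT target can send ICMP host-unreachable by itself (the default is port-unreachable), so the SNAT step would only matter for the ICMP's source address. Assumed: eth0 faces the cable modem, 192.168.1.0/24 is the LAN, and ADMIN_NET is a placeholder for the one remote network that should still reach the management services.

```shell
#!/bin/sh
# Added example for the REJECT-vs-DROP idea in the thread; not the posters' code.
# Assumptions: eth0 faces the cable modem, 192.168.1.0/24 is the LAN, and
# ADMIN_NET (an RFC 5737 placeholder) is the remote network that may still
# reach the management services.
IPT="${IPT:-iptables}"          # IPT="echo iptables" prints the rules instead of loading them
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"
LAN="192.168.1.0/24"

# REJECT can send ICMP host-unreachable itself (default is port-unreachable),
# so no SNAT is needed for the ICMP type. The ICMP still leaves with the box's
# own address as source, which is the part the poster's SNAT step aimed at.
reject_as_unreachable() {
    $IPT -A INPUT -i eth0 -p tcp --dport "$1" -m state --state NEW \
        -j REJECT --reject-with icmp-host-unreachable
}

# Allow a service from ADMIN_NET only; everyone else gets the unreachable reply.
restrict_to_admin() {
    $IPT -A INPUT -i eth0 -p tcp --dport "$1" -s "$ADMIN_NET" -m state --state NEW -j ACCEPT
    reject_as_unreachable "$1"
}

apply_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT ! -i eth0 -s "$LAN" -j ACCEPT                  # local LAN is trusted
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP   # odd-flag probes
    for p in 22 143 25 80; do restrict_to_admin "$p"; done
    reject_as_unreachable 21                 # ftp: opened per guest by a separate rule
    # Answer every other TCP port the same way, so the rejected services do
    # not stand out from the rest by the kind of reply they produce.
    $IPT -A INPUT -i eth0 -p tcp -m state --state NEW \
        -j REJECT --reject-with icmp-host-unreachable
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  IPT="echo iptables"; apply_rules ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

Run with `show` first to review the generated rules, then `apply` as root to load them.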
