Brad Beyenhof wrote:
> On Mon, Mar 16, 2009 at 1:21 PM, James Keeline <[email protected]> wrote:
>> Of course, someone nasty might write a program which would look closed or
>> filtered for the first couple of nmap inquiries and only open under certain
>> conditions (source IP, etc.). Like anything else, nmap is just a tool. Use
>> it well and understand its limits.
>
> Steve Gibson recommends setting all your ports the same (either open,
> closed, or filtered). His reasoning is that ports set differently than
> the others are just alerting potential attackers about what's actually
> running on your machine.
>
> I don't completely follow his suggestion for my personal server; I
> leave 22 and 80 open and everything else filtered. On my servers at
> work, however, all ports appear filtered unless you're in a whitelist
> I've defined for access via 22, 443, or "all" (the last of which is
> only the local subnet).
>
Would it be correct to say that "filtered" translates to a DENY rule in the firewall, and maybe closed translates to a REJECT? Or is there more to it?

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
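An added example, not part of the thread: a small Python model of what an nmap SYN scan reports for each firewall outcome discussed above. It assumes a Linux iptables firewall, where the silent-discard target is named DROP and REJECT answers with ICMP port-unreachable unless `--reject-with tcp-reset` is given; the ruleset, addresses, and function names are constructed for illustration.

```python
import ipaddress

# Reply a TCP SYN gets back, by iptables target (constructed model, not a capture).
# "REJECT-RST" is shorthand here for REJECT --reject-with tcp-reset.
def reply_to_syn(target, listening):
    if target == "DROP":
        return None                        # packet silently discarded
    if target == "REJECT":
        return ("icmp", 3, 3)              # REJECT default: ICMP port unreachable
    if target == "REJECT-RST":
        return ("tcp", "RST")
    # ACCEPT: the host's own TCP stack answers the SYN
    return ("tcp", "SYN/ACK") if listening else ("tcp", "RST")

def nmap_state(reply):
    """Port state an nmap SYN scan assigns to each kind of reply."""
    if reply is None or reply == ("icmp", 3, 3):
        return "filtered"                  # silence and ICMP unreachable look alike
    if reply == ("tcp", "SYN/ACK"):
        return "open"
    if reply == ("tcp", "RST"):
        return "closed"
    raise ValueError(f"unmodelled reply {reply!r}")

def scan_view(rules, default, listeners, src, ports):
    """First matching (cidr, dport, target) rule wins; dport None matches any port.
    default is the target used when nothing matches (chain policy or catch-all rule)."""
    src = ipaddress.ip_address(src)
    view = {}
    for port in ports:
        target = next((t for cidr, dport, t in rules
                       if src in ipaddress.ip_network(cidr) and dport in (None, port)),
                      default)
        view[port] = nmap_state(reply_to_syn(target, port in listeners))
    return view

# Constructed ruleset shaped like the whitelist setup in the quoted message:
# one whitelisted source reaches 22 and 443, the local subnet reaches everything.
RULES = [("192.0.2.0/24", None, "ACCEPT"),     # stand-in for the local subnet
         ("198.51.100.7/32", 22, "ACCEPT"),
         ("198.51.100.7/32", 443, "ACCEPT")]
LISTENERS = {22, 443}
PORTS = [22, 80, 443]

if __name__ == "__main__":
    for default in ("DROP", "REJECT", "REJECT-RST"):
        for src in ("203.0.113.9", "198.51.100.7", "192.0.2.50"):
            print(default, src, scan_view(RULES, default, LISTENERS, src, PORTS))
```

In this model a plain REJECT still shows as filtered to a source outside the whitelist; only the tcp-reset variant makes every port look closed.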
