Hopefully, this is only slightly off-topic.

I just replaced a commercial firewall with a RH 7.3 machine running
IPTables.  Several non-IT employees found comfort in running Gibson's port
scan (http://www.grc.com).  With the old firewall in place, a port scan
showed all ports as 'stealth' (besides 80 which is forwarded to another
machine).

With the new IPTables box, port 80 still comes up as open as expected, but
many other ports are listed as 'closed'.  Strange.  For example, the
firewall, which uses IP Masq, doesn't run any services (OK, hardly any).
'netstat -a | grep LISTEN' shows:

tcp        0      0 *:ssh                   *:*                     LISTEN

It's certainly not running POP anywhere.  But Gibson's scan shows port 110
as 'closed', not 'stealth'.  His site defines 'closed' as:

"'Closed' is the best you can hope for without a stealth firewall in place.

Anyone scanning past your IP address will immediately detect your PC, but
"closed" ports will quickly refuse connection attempts. Your computer might
still be crashed or compromised through a number of known TCP/IP stack
vulnerabilities."

and 'stealth' as:

"If all of the tested ports were shown to have stealth status, then for all
intents and purposes your computer doesn't exist to scanners on the
Internet! 

It means that either your computer is turned off or disconnected from the
Net (which seems unlikely since you must be using it right now!) or an
effective stealth firewall is blocking all unauthorized external contact
with your computer. This means that it is completely opaque to random scans
and direct assault."

Being that there really should be 'no evidence that these ports exist'
(because they don't!), what's the real deal here?  Basically, I know not to
trust everything grc says, but I have some explaining to do and need to be
diplomatic about it.

Thanks!
-- 
Jeff Stillwall
[EMAIL PROTECTED]



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
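The difference the post is asking about comes down to what the firewall does with a SYN aimed at a port nobody is listening on. With iptables' stock INPUT policy of ACCEPT (and no rule to the contrary), the packet reaches the TCP stack, which answers with a RST; Gibson's scanner calls that "closed". A REJECT rule with a TCP reset produces exactly the same report. Only a DROP (policy or rule) discards the SYN without any reply, which is what the scanner calls "stealth". The script below is an added example, not code from Jeff's post, Red Hat or grc.com; it shows the two rule sets side by side for a masquerading gateway that runs ssh and forwards port 80 to an internal web server. The interface name `eth0` and the address `192.168.1.10` are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Two iptables rule sets for a
# masquerading gateway: one that scans as "closed", one that scans as
# "stealth". Interface and internal web-server address are assumed
# placeholders; adjust before use.
IPT="${IPT:-iptables}"                 # set IPT="echo iptables" to preview rules without applying
EXT_IF="${EXT_IF:-eth0}"               # assumed external interface
WEB_HOST="${WEB_HOST:-192.168.1.10}"   # assumed internal host that port 80 is forwarded to

# Start from empty INPUT/FORWARD chains so the two variants do not stack.
reset_chains() {
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -t nat -F PREROUTING
}

# Port-80 forwarding is identical in both variants: rewrite the destination
# in PREROUTING, then permit the forwarded flow and its replies.
forward_web() {
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_HOST:80"
    $IPT -A FORWARD -i "$EXT_IF" -p tcp -d "$WEB_HOST" --dport 80 -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Weak variant: INPUT policy ACCEPT. A SYN to port 110 reaches the kernel,
# which has no POP listener and replies with RST, so the scan says "closed".
# "-j REJECT --reject-with tcp-reset" would give the same result.
rules_closed() {
    reset_chains
    $IPT -P INPUT ACCEPT
    forward_web
}

# Hardened variant: INPUT policy DROP, then allow only loopback, replies to
# connections the gateway itself opened, and ssh. Unsolicited SYNs to any
# other port are silently discarded, so the scan says "stealth".
rules_stealth() {
    reset_chains
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT   # the one real listener (ssh)
    $IPT -P FORWARD DROP
    forward_web
}

# Apply the hardened rules only when explicitly asked, so the file can be
# sourced or dry-run without touching the live firewall.
if [ "${APPLY:-0}" = 1 ]; then
    rules_stealth
fi
```

Run it with `IPT="echo iptables" sh firewall.sh` and `APPLY=1` unset to preview the commands, or `APPLY=1 sh firewall.sh` as root to load the DROP variant. After `rules_stealth` is in place the same scan reports port 80 open and everything else stealth, matching the old firewall; port 22 is filtered too unless you add a source restriction or accept it showing as open. The trade-off worth explaining to the non-IT staff is that a "closed" result is not evidence of a hidden POP daemon (netstat already shows there is none); DROP merely hides the host from blind scans, at the cost that misdirected legitimate clients wait for a timeout instead of getting an immediate refusal.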
