
On Mon, 9 Dec 2002 22:02:57 -0500, Michael Fratoni wrote:

> On Monday 09 December 2002 09:35 pm, Jeff Stillwall wrote:
> >
> > I just replaced a commercial firewall with a RH 7.3 machine running
> > IPTables.  Several non-IT employees found comfort in running
> > Gibson's port scan (http://www.grc.com).  With the old firewall in
> > place, a port scan showed all ports as 'stealth' (besides 80 which
> > is forwarded to another machine).
> 
> If your firewall is refusing the connections, the scanner will show
> closed ports. If the rules instead drop the packets, the ports will
> show up as stealth.
> 
> Try changing the firewall rules policy from REJECT to DROP.
> Note that dropping ident requests can cause connection delays; you
> may want to reject those requests instead.

Also note that if at least a single port is not "stealth", your
whole machine is not "stealth" either. So, for instance, if you have
the ssh port open and/or reject connections to the identd port and
all other ports DROP packets, an average port scanner detects the
presence of your machine already when checking the first well-known
ports. "Stealth" only makes sense if *all* ports are "stealth". In
other words, forget about that "stealth hype" when you want a single
port that does not DROP packets.



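As an added illustration of the advice in this thread (not a ruleset posted by anyone on the list), here is a minimal iptables script for the setup described: a DROP default policy so unsolicited probes are "stealth", a REJECT with TCP reset only for ident (tcp/113) so mail and IRC servers do not wait on a timeout, and port 80 forwarded to an internal host. The ssh port, the placeholder web server address 192.0.2.10 and the IPT variable (set IPT=echo for a dry run that only prints the commands) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original thread. Set IPT=echo to print the
# commands instead of applying them (no root or iptables needed for that).
IPT="${IPT:-iptables}"
# Placeholder (constructed for the example): host that receives forwarded port 80.
WEB_SERVER="${WEB_SERVER:-192.0.2.10}"

apply_rules() {
    # Default policy DROP: unsolicited packets are silently discarded, which
    # a scanner such as GRC's reports as "stealth".
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    "$IPT" -A INPUT -i lo -j ACCEPT
    # Replies to connections this box or the LAN initiated (2.4-kernel state match).
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # ssh stays reachable (assumed service): this port will show as "open",
    # so the host as a whole is no longer "stealth", as the reply above notes.
    "$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT

    # ident (tcp/113): answer with a TCP RST instead of dropping, so remote
    # mail/IRC servers that probe ident do not stall until their timeout.
    # This port shows as "closed" rather than "stealth".
    "$IPT" -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # Port 80 is forwarded to the internal web server, as in the original setup.
    "$IPT" -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER"
    "$IPT" -A FORWARD -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
}

# Only apply when explicitly asked: ./rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Every port the script does not ACCEPT or REJECT falls through to the DROP policy, which is what makes it show as "stealth"; ident is the single deliberate exception.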

-- 
redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list