Re: blocking ports

2002-01-11 Thread martin f krafft
also sprach David Bishop <[EMAIL PROTECTED]> [2002.01.11.1550 +0100]:
> > you can configure iptables to return ICMP type 3 "port unreachable"
> > packets, just like the OS would, using the REJECT target. that's what
> > you want to do. to get your desired effect.
>
> I'll look into that, thanks.

Re: blocking ports

2002-01-11 Thread David Bishop
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 10 January 2002 04:14 pm, martin f krafft wrote:
> also sprach David Bishop <[EMAIL PROTECTED]> [2002.01.10.1634 +0100]:
> > I'm running a server that's hot to the net, and running some insecure
> > services (by necessity), like nfs. Of co

Re: blocking ports

2002-01-11 Thread Russell Coker
On Fri, 11 Jan 2002 00:14, martin f krafft wrote:
> however, DENYing has the advantage of *severely* slowing any portscan,
> and because obscurity is not a security measure[1] and REJECT not being
> any safer than DENY, you are really not gaining anything...

Another point is that you may not want t

Re: blocking ports

2002-01-11 Thread Michael Wood
On Fri, Jan 11, 2002 at 12:18:13AM +0100, martin f krafft wrote:
> [greg: please wrap your lines at 76 characters...]
>
> also sprach Greg Hunt <[EMAIL PROTECTED]> [2002.01.10.1850 +0100]:
> > The reason it reports it as filtered is if someone tries to
> > connect to a port on which you're not run

Re: blocking ports

2002-01-10 Thread martin f krafft
[greg: please wrap your lines at 76 characters...]

also sprach Greg Hunt <[EMAIL PROTECTED]> [2002.01.10.1850 +0100]:
> The reason it reports it as filtered is if someone tries to connect to
> a port on which you're not running a service, say port 12345, your
> server will respond back with a TCP/

Re: blocking ports

2002-01-10 Thread martin f krafft
also sprach David Bishop <[EMAIL PROTECTED]> [2002.01.10.1634 +0100]:
> I'm running a server that's hot to the net, and running some insecure
> services (by necessity), like nfs. Of course, I used iptables to
> block all those ports, using nmap and netstat to double check all my
> open ports. How

Re: blocking ports

2002-01-10 Thread Dave Watkins
Firstly look through the services you run and see if they can be bound to a single interface only. If they run from inetd you can replace it with xinetd to gain this functionality. Secondly (and this may or may not work I've never actually tried it), you could try rejecting the packets rather t

Re: blocking ports

2002-01-10 Thread Greg Hunt
The reason it reports it as filtered is if someone tries to connect to a port on which you're not running a service, say port 12345, your server will respond back with a TCP/IP packet with the RST, ACK flags set (I know RST, I think ACK too). nmap sees this as closed. If you filter something out

blocking ports

2002-01-10 Thread David Bishop
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm running a server that's hot to the net, and running some insecure services (by necessity), like nfs. Of course, I used iptables to block all those ports, using nmap and netstat to double check all my open ports. However, what nmap reports back
