Slightly OFF-TOPIC, I have a Cable Modem that dishes out a DHCP address to my Linux Gateway/Firewall server behind which is my home network.
I used to get scanned several times a day, all the time, until I started dropping ICMP Echo-requests; now I only get scanned once or twice a week, and usually just on ports where there are known vulnerabilities. (I of course keep the server up2date.) So I run a few extra services on the internet (only a few), and I am the only person who ever needs them, so I run them on high un-reserved ports so that they don't get hit by the script-kiddies. In the unlikely event that there is a mass script-kiddie scanning fest on a remote exploit to a service that I am running and I haven't yet applied the patch, chances are that most (if not all) script-kiddies will miss it running on the higher port until I can fix it. Yeah, I know about the olde "security-through-obscurity" witticism, but I have demonstrable evidence that shows a dramatic decrease in hackerism on my box because of it. Anyway, just a thought.

On Mon, 2002-12-09 at 23:00, Hal Burgiss wrote:
> On Mon, Dec 09, 2002 at 10:02:57PM -0500, Michael Fratoni wrote:
> > If your firewall is refusing the connections, the scanner will show closed
> > ports. If the rules instead drop the packets, the ports will show up as
> > stealth.
> >
> > Try changing the firewall rules policy from REJECT to DROP.
> > Note that dropping ident requests can result in causing connection delays;
> > you may want to reject those requests instead.
>
> It's also possible iptables is misconfigured and is not even touching
> these packets, which results in a "closed" condition. I would enable
> logging for port 110, and see what iptables says. You can test with a
> 'telnet $host 110' to force a connection attempt. DROP, also of
> course, is what you want.
>
> My personal opinion is that if you have one port open, then you are
> visible, and there is little point in worrying about DROP vs REJECT.
> I would still make sure the firewall is protecting what you think it
> is, and only what you want unfiltered is indeed the case.
> .02
>
> --
> Hal Burgiss
>
>
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
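The advice in the quoted thread (DROP as the default policy so probed ports show as "stealth", REJECT for ident so peers get a reset instead of a timeout, a LOG rule on port 110 to confirm iptables is actually seeing the packets, and a private service on a high port) put together as one rule set. This is an added example, not code posted by anyone in the thread; the interface name `eth0`, the high port `48222`, the logging rate limit and the `--apply` switch are assumptions chosen for illustration. Without `--apply` the script only prints the rules, so it can be read and checked on a machine where you are not root.

```shell
#!/bin/sh
# Added example (not from the redhat-list thread). Emits the iptables
# commands that implement the thread's advice:
#   - policy DROP on INPUT/FORWARD: scanned ports show as "stealth", not "closed"
#   - REJECT ident (tcp/113) with a TCP RST so remote SMTP/IRC servers do not
#     sit waiting for an ident timeout before talking to us
#   - LOG SYNs to tcp/110 so you can see in the kernel log whether iptables is
#     really touching those packets (a "closed" result can mean it is not)
#   - ACCEPT only the one private service, on an assumed high, unreserved port
# WAN_IF and HIGH_PORT are assumptions for illustration; override via environment.
WAN_IF="${WAN_IF:-eth0}"
HIGH_PORT="${HIGH_PORT:-48222}"

gen_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ident: reject with a reset rather than drop, so peers do not hang on a timeout
iptables -A INPUT -i ${WAN_IF} -p tcp --dport 113 -j REJECT --reject-with tcp-reset
# log POP3 connection attempts before they fall through to the DROP policy
iptables -A INPUT -i ${WAN_IF} -p tcp --dport 110 --syn -m limit --limit 5/min -j LOG --log-prefix "POP3-probe: "
# the single service we actually expose, on a high unreserved port
iptables -A INPUT -i ${WAN_IF} -p tcp --dport ${HIGH_PORT} -j ACCEPT
EOF
}

# count_verdict VERDICT: how many generated rule lines (comments excluded)
# carry the given verdict word; makes the REJECT-vs-DROP split visible
count_verdict() {
    gen_rules | grep -v '^#' | grep -cw "$1"
}

if [ "$1" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "need root to apply rules" >&2; exit 1; }
    gen_rules | grep -v '^#' | sh -e
else
    gen_rules
fi
```

After applying, `telnet $host 110` from outside should hang (DROP) rather than be refused, and `dmesg` or `/var/log/messages` should show a `POP3-probe:` line for that attempt; if the connection is refused and nothing is logged, the packets are not reaching these rules and the firewall is not protecting what you think it is, which is exactly the check the thread recommends.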