Date: Thu, 16 May 2002 13:08:05 +0100
From: Marc Rogers <marcr@closed-networks.com>
To: mohammad mirzaeenasir <hezare3@hotmail.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: HELP ME
Message-ID: <20020516130805.I75489@closed-networks.com>
In-Reply-To: <F193uYu2b0J1w3oeLbs00000b1f@hotmail.com>; from hezare3@hotmail.com on Thu, May 16, 2002 at 11:45:21AM +0000
References: <F193uYu2b0J1w3oeLbs00000b1f@hotmail.com>
The obvious option is for you to place a firewall (either locally, or another machine) between the internet and your machine. By firewalling transparently, either by using a stealth firewall or a totally transparent firewall, any attackers that try to connect to firewalled ports will get timeouts. [The firewall should be configured to drop offending packets silently, as any politeness, such as informing the source that the destination is administratively blocked, will betray the firewall.]

To be honest you probably don't have a lot to gain. The vast majority of scanning that goes on out on the net is automated to some extent. This means unless the tool is unable to route to your machine at all, it will still try to scan every port it has been instructed to check. The presence of even a single open (or closed / filtered) port (mail, ssh, web etc) will betray the existence of a firewalled machine.

I guess the success of this depends entirely on who is going to be using your machine. If there are no public services, then by using a "denied unless explicitly permitted" approach you will achieve a fairly good result.

Hope this helps

Marc Rogers
Senior Systems Administrator
Systems Architect
Vizzavi

On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> DEAR STAFF,
> HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK
> DAEMON IN "INETD.CONF" AND I DISABLED "INETD" IN "RC.CONF". SO, IF SOMEONE
> TRIES TO FTP MY UNIX BOX IT WILL RECEIVE "CONNECTION REFUSED".
> BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT I CAN
> DO IF SOME TCP CONNECTION ARRIVES AT MY BOX, SO THAT THE KERNEL IGNORES IT AND
> THE REMOTE MACHINE WILL RECEIVE "CONNECTION TIMED OUT". IN THIS WAY
> THE CRACKER FIGURES OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> SCAN OTHER NETWORK PORTS.
>
> THANK YOU VERY MUCH
> MOHAMMAD
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
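As an added example (not code from the thread), a small sh helper assuming FreeBSD's ipfw and hypothetical function names: it emits a "denied unless explicitly permitted" ruleset whose catch-all is a silent `deny`, and audits a ruleset for actions (`reset`, `unreach`, `reject`) that would answer a blocked probe and so reveal the firewall, as the reply warns.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes FreeBSD ipfw; the helper names
# are hypothetical. Everything not explicitly permitted is dropped silently:
# 'deny' sends nothing back, whereas 'reset' / 'unreach' / 'reject' answer the
# probe and betray the firewall. The permitted ports (22, 80, ...) still
# reveal that a host exists; only the unlisted ports look "dead".
#
# Usage on the host (as root):
#   build_ruleset 22 80 > /etc/ipfw.rules && ipfw -q flush && ipfw -q /etc/ipfw.rules

# Emit a ruleset in the file syntax ipfw(8) accepts; arguments are the TCP
# ports to expose to the world.
build_ruleset() {
    printf 'add 100 allow ip from any to any via lo0\n'
    printf 'add 200 check-state\n'      # match replies to sessions we opened
    printf 'add 300 allow tcp from me to any out setup keep-state\n'
    printf 'add 400 allow udp from me to any out keep-state\n'
    n=1000
    for port in "$@"; do
        printf 'add %d allow tcp from any to me %d in setup\n' "$n" "$port"
        n=$((n + 10))
    done
    # Catch-all: silent drop. Never 'reset' or 'unreach' here.
    printf 'add 65000 deny ip from any to any\n'
}

# Read a ruleset on stdin; succeed only if it stays silent towards blocked
# traffic and ends in a catch-all deny.
audit_ruleset() {
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -Eq '(^|[[:space:]])(reset|unreach|reject)([[:space:]]|$)'; then
        echo "audit: a rule answers blocked traffic instead of dropping it" >&2
        return 1
    fi
    case "$(printf '%s\n' "$rules" | tail -n 1)" in
        *"deny ip from any to any"*) return 0 ;;
    esac
    echo "audit: ruleset does not end in a catch-all silent deny" >&2
    return 1
}
```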