Date: Thu, 16 May 2002 18:13:04 +0000
From: Baldur Gislason <baldur@foo.is>
To: Marc Rogers <marcr@closed-networks.com>
Cc: freebsd-security@freebsd.org
Subject: Re: HELP ME
Message-ID: <20020516181342.F059E2744@tesla.foo.is>
In-Reply-To: <20020516130805.I75489@closed-networks.com>
References: <F193uYu2b0J1w3oeLbs00000b1f@hotmail.com> <20020516130805.I75489@closed-networks.com>
There's also a sysctl value, net.inet.tcp.blackhole, that if set to 1 will make the kernel ignore packets coming to closed ports rather than sending a packet back with the RST flag set.

Baldur

On Thursday 16 May 2002 12:08, you wrote:
> The obvious option is for you to place a firewall (either locally, or
> another machine) between the internet and your machine. By firewalling
> transparently, either by using a stealth firewall or a totally transparent
> firewall, any attackers that try to connect to firewalled ports will get
> timeouts.
>
> [The firewall should be configured to drop offending packets silently, as
> any politeness, such as informing the source that the destination is
> administratively blocked, will betray the firewall]
>
> To be honest you probably don't have a lot to gain. The vast majority of
> scanning that goes on out on the net is automated to some extent. This
> means unless the tool is unable to route to your machine at all, it will
> still try to scan every port it has been instructed to check. The presence
> of even a single open (or closed / filtered) port (mail, ssh, web etc.) will
> betray the existence of a firewalled machine.
>
> I guess the success of this depends entirely on who is going to be using
> your machine. If there are no public services, then by using a "denied
> unless explicitly permitted" approach you will achieve a fairly good
> result.
>
> Hope this helps
>
> Marc Rogers
> Senior Systems Administrator
> Systems Architect
> Vizzavi
>
> On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> > Dear staff,
> >
> > Hi, I installed a Unix cache server (Squid), and I disabled the network
> > daemons in "inetd.conf" and I disabled "inetd" in "rc.conf". So, if someone
> > tries to FTP to my Unix box, they will receive "Connection refused".
> >
> > But what I should like you to do is to help me to find out what I can
> > do so that if some TCP connection is received by my box, the kernel ignores it and
> > the remote machine will receive "Connection timed out". In this way
> > the cracker figures out my machine is disconnected and will not try to
> > scan other network ports.
> >
> > Thank you very much
> > Mohammad

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
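A way to check, from a client's point of view, which of the two behaviours discussed in this thread a host actually shows: closed ports answering with RST ("connection refused") versus staying silent ("timed out", which is what net.inet.tcp.blackhole=1 or a silent-drop firewall rule produces). This is an added example, not code from the original mail; the hosts and port numbers are assumed.

```python
"""Classify how a host's TCP ports answer a plain connect(): 'refused' means the
kernel sent an RST for a closed port, 'filtered' means nothing came back
within the timeout (blackholed or silently dropped). Added example; the
target hosts and ports below are assumed values."""
import socket
from typing import Dict, List, Tuple


def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'open', 'refused' (an RST came back), 'filtered' (no reply
    within the timeout) or 'error' (some other ICMP/OS error)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # kernel sent RST: the port is visibly closed
    except socket.timeout:
        return "filtered"     # nothing came back: dropped or blackholed
    except OSError:
        return "error"        # e.g. ICMP unreachable; this also reveals a device
    finally:
        s.close()


def rst_leaks(host: str, ports: List[int], timeout: float = 2.0) -> Dict[int, str]:
    """Ports that still answer with RST. After enabling blackhole or a
    silent-drop rule, this should be empty for every port meant to be hidden."""
    states = {p: classify_port(host, p, timeout) for p in ports}
    return {p: st for p, st in states.items() if st == "refused"}


def demo_loopback() -> Tuple[str, str]:
    """Constructed demo on 127.0.0.1: probe one port while a listener is bound,
    then again after it is closed, showing 'open' versus 'refused'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = classify_port("127.0.0.1", port, 1.0)
    srv.close()
    after_close = classify_port("127.0.0.1", port, 1.0)
    return while_open, after_close


if __name__ == "__main__":
    print(demo_loopback())                   # ('open', 'refused') on a normal host
    print(rst_leaks("127.0.0.1", [21, 23]))  # assumed ports to check
```

On a host where blackholing is in effect, the second element of demo_loopback() becomes 'filtered' instead of 'refused', which is exactly the difference the original poster asked about.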