LINUX.IE, website of the Irish Linux Users' Group
[ILUG] port scanning.. continued.


Smelly Pooh plop at redbrick.dcu.ie
Tue Mar 14 15:00:32 GMT 2000


In reply to Breathnach, Proinnsias (Dublin)'s flatulent wordings, 
> Quick hint I picked up some time ago ... set ipfwadm to 'reject' as opposed
> to deny, that way the box doesn't 'look' like a *nix box, but a Win'9x one
> ... (Win'9x can't deny connections, rather it rejects them with no "reason",
> "deny" sends back a message saying "You're not allowed in", reject just
> looks like a black-hole ... it might help ...

Surely deny drops connections and reject says you're not allowed in?  Or at a
lower level, reject should send a tcp reset packet back which is normal if
there's no server running on that port.  The windows behaviour is to send a
reset back (although you can get shareware packet filters for windows),
whereas a lot of firewalls just drop and ignore the packet.  You can try to
make your box look like a windows one that way, but if you were using nmap or
queso or some such software that does packet fingerprinting they could usually
tell what OS you're running anyway.  If you stuck with just dropping packets
however it gives them less information to try fingerprint and a firewall that
just drops packets takes magnitudes longer to portscan because the portscanner
can rely only on an internal timeout whenever it connects to a port, not a
reset or a syn/ack reply from the server which obviously must be less than the
timeout. Many port scanners by default even refuse to try and scan a host
unless they can ping it first, so incoming ICMP requests might be worth dropping
as well.

> As for contacting the admin, do!

Don't. Dave Airlie's analysis was pretty accurate (except the ICMP 3 bad port
message was going in the other direction I think), when you browse somebody
else's webshite, the connection gets closed and they say bad port the next
time you try to use that connection, they're hardly trying to hack your
machine.
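
The reject and drop behaviours contrasted in this message, written as firewall rules. This is an added example and not part of the original post. It assumes iptables in place of the thread's ipfwadm, IPv4 only, and SSH on port 22 as the single allowed service.

```shell
#!/bin/sh
# Added example: iptables stand-in for the ipfwadm policies discussed above.
# Assumptions: IPv4 only, and port 22 is the one service left open.
IPT=${IPT:-iptables}

# Rules shared by both policies.
base_rules() {
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to our own traffic, including related ICMP errors, stay allowed.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
}

# "reject": filtered TCP ports answer with a reset, the same reply a host
# gives when no server listens there. A scanner gets a fast, definite answer.
policy_reject() {
    base_rules
    $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

# "drop": no reply at all, so every probe costs the scanner its full timeout.
policy_drop() {
    base_rules
    # Covered by the final rule too; listed so the ping behaviour is explicit.
    # Only echo requests are named, other ICMP is handled by RELATED above.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP
    $IPT -A INPUT -j DROP
}

# Usage (as root): ./fw.sh reject   or   ./fw.sh drop
case "${1:-}" in
    reject) policy_reject ;;
    drop)   policy_drop ;;
esac
```

Setting `IPT=echo` before running prints the rules instead of applying them.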



