From owner-freebsd-security Thu May 16 5: 8:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from shady.org (closed-networks.com [195.167.170.242]) by hub.freebsd.org (Postfix) with SMTP id DD6AA37B420 for ; Thu, 16 May 2002 05:08:11 -0700 (PDT)
Received: (qmail 66698 invoked by uid 1000); 16 May 2002 12:08:05 -0000
Date: Thu, 16 May 2002 13:08:05 +0100
From: Marc Rogers
To: mohammad mirzaeenasir
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: HELP ME
Message-ID: <20020516130805.I75489@closed-networks.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from hezare3@hotmail.com on Thu, May 16, 2002 at 11:45:21AM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

The obvious option is for you to place a firewall (either locally, or on another machine) between the internet and your machine. By firewalling transparently, either by using a stealth firewall or a totally transparent firewall, any attackers that try to connect to firewalled ports will get timeouts.

[The firewall should be configured to drop offending packets silently, as any politeness, such as informing the source that the destination is administratively blocked, will betray the firewall.]

To be honest you probably don't have a lot to gain. The vast majority of scanning that goes on out on the net is automated to some extent. This means unless the tool is unable to route to your machine at all, it will still try to scan every port it has been instructed to check. The presence of even a single open (or closed / filtered) port (mail, ssh, web etc.) will betray the existence of a firewalled machine.

I guess the success of this depends entirely on who is going to be using your machine.
If there are no public services, then by using a "denied unless explicitly permitted" approach you will achieve a fairly good result.

Hope this helps

Marc Rogers
Senior Systems Administrator
Systems Architect
Vizzavi

On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> Dear staff,
>
> Hi, I installed a Unix cache server (Squid), and I disabled the network
> daemons in "inetd.conf" and I disabled "inetd" in "rc.conf". So, if someone
> tries to FTP to my Unix box they will receive "connection refused".
> But what I should like you to do is to help me find out what I can
> do so that if some TCP connection arrives at my box, the kernel ignores it and
> the remote machine will receive "connection timed out". In this way
> the cracker figures out my machine is disconnected and will not try to
> scan other network ports.
>
> Thank you very much
> Mohammad
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
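A concrete form of the "denied unless explicitly permitted" host firewall Marc describes, added here as an example and not taken from either message in the thread. It generates a FreeBSD ipfw ruleset for Mohammad's situation (a Squid cache that only internal clients should reach, ssh only from one admin host, everything else dropped silently with "deny" rather than answered with "reset" or "reject"), and it also emits the kernel-side setting Mohammad was really asking about: FreeBSD's net.inet.tcp.blackhole and net.inet.udp.blackhole sysctls make the kernel drop segments aimed at ports with no listener instead of sending a RST or ICMP port-unreachable, so the remote end sees a timeout. The interface name fxp0, the network 192.168.1.0/24 and the admin address 203.0.113.10 are placeholder assumptions, not values from the thread. Neither the ruleset nor the blackhole sysctls hide a port that actually has a listener (the Squid port, for its clients), which is exactly Marc's caveat.

```shell
#!/bin/sh
# Added example, not code from the freebsd-security thread.
# Generates a default-deny ipfw ruleset plus the "blackhole" sysctls for a
# FreeBSD host so that unsolicited probes time out instead of being refused.
#
# Placeholder assumptions (override via the environment):
#   EXT_IF     - interface facing the internet
#   LAN_NET    - the only network allowed to use the Squid cache (tcp/3128)
#   ADMIN_HOST - the only address allowed to ssh in from outside
EXT_IF="${EXT_IF:-fxp0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
ADMIN_HOST="${ADMIN_HOST:-203.0.113.10}"

# Kernel-level half of the answer: with tcp.blackhole=2 the kernel drops every
# TCP segment to a port without a listener (1 would drop only SYNs), and
# udp.blackhole=1 suppresses the ICMP port-unreachable reply for UDP, so a
# scanner sees "filtered"/timeout rather than "connection refused".
blackhole_sysctls() {
    printf '%s\n' \
        'net.inet.tcp.blackhole=2' \
        'net.inet.udp.blackhole=1'
}

# Firewall half: one "ipfw add" command per line.  Every terminal action is
# "deny", which drops silently.  "reset" (TCP RST) or "reject"/"unreach"
# (ICMP) would answer the probe and thereby reveal a firewalled host.
gen_ipfw_rules() {
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 110 deny ip from any to 127.0.0.0/8
ipfw add 120 deny ip from 127.0.0.0/8 to any
ipfw add 200 check-state
ipfw add 300 allow tcp from me to any out via $EXT_IF setup keep-state
ipfw add 310 allow udp from me to any 53 out via $EXT_IF keep-state
ipfw add 400 allow tcp from $LAN_NET to me 3128 in setup keep-state
ipfw add 410 allow tcp from $ADMIN_HOST to me 22 in via $EXT_IF setup keep-state
ipfw add 65000 deny log ip from any to any
EOF
}

# Sanity check used before applying the rules: count rules whose action would
# send a reply to the sender.  A stealth ruleset must report 0.
count_noisy_actions() {
    gen_ipfw_rules | grep -c -E 'ipfw add [0-9]+ (reset|reject|unreach)' || true
}

# Print everything for review; apply with "sh this.sh | sh" as root on the
# console (not over ssh, since the flush briefly drops your own session).
blackhole_sysctls | sed 's/^/sysctl /'
gen_ipfw_rules
```

The "setup keep-state" / "check-state" pairing lets the host's own outbound connections (Squid fetching pages, DNS lookups) get their replies back without opening any inbound port, so the final rule 65000 can stay an unconditional silent deny. The one port that must remain reachable, 3128, is the one a scanner on the LAN side will still find, which is why the rule restricts it to $LAN_NET rather than to "any".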