From owner-freebsd-security Thu May 16 11:14:12 2002
From: Baldur Gislason
To: Marc Rogers
Cc: freebsd-security@freebsd.org
Subject: Re: HELP ME
Date: Thu, 16 May 2002 18:13:04 +0000
Message-Id: <20020516181342.F059E2744@tesla.foo.is>
In-Reply-To: <20020516130805.I75489@closed-networks.com>

There's also a sysctl value, net.inet.tcp.blackhole, that if set to 1 will make the kernel ignore packets coming to closed ports rather than sending a packet back with the RST flag set.

Baldur

On Thursday 16 May 2002 12:08, you wrote:
> The obvious option is for you to place a firewall (either locally, or
> another machine) between the internet and your machine. By firewalling
> transparently, either by using a stealth firewall or a totally transparent
> firewall, any attackers that try to connect to firewalled ports will get
> timeouts.
>
> [The firewall should be configured to drop offending packets silently, as
> any politeness, such as informing the source that the destination is
> administratively blocked, will betray the firewall.]
>
> To be honest you probably don't have a lot to gain. The vast majority of
> scanning that goes on out on the net is automated to some extent. This
> means unless the tool is unable to route to your machine at all, it will
> still try to scan every port it has been instructed to check. The presence
> of even a single open (or closed / filtered) port (mail, ssh, web etc.) will
> betray the existence of a firewalled machine.
>
> I guess the success of this depends entirely on who is going to be using
> your machine. If there are no public services, then by using a "denied
> unless explicitly permitted" approach you will achieve a fairly good
> result.
>
> Hope this helps
>
> Marc Rogers
> Senior Systems Administrator
> Systems Architect
> Vizzavi
>
> On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> > DEAR STAFF,
> >
> > HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK
> > DAEMON IN "INETD.CONF" AND I DISABLED "INETD" IN "RC.CONF". SO, IF SOMEONE
> > TRIES TO FTP TO MY UNIX BOX IT WILL RECEIVE "CONNECTION REFUSED".
> > BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT I CAN
> > DO SO THAT IF SOME TCP CONNECTION ARRIVES AT MY BOX, THE KERNEL IGNORES IT AND
> > THE REMOTE MACHINE WILL RECEIVE "CONNECTION TIMED OUT". IN THIS WAY
> > THE CRACKER FIGURES OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> > SCAN OTHER NETWORK PORTS.
> >
> > THANK YOU VERY MUCH
> > MOHAMMAD

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
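The two pieces of advice in this thread, Baldur's net.inet.tcp.blackhole sysctl and Marc's point that the firewall must drop silently rather than answer with RST or ICMP unreachable, put together as an added shell example. This is not code from anyone in the thread. It audits a sysctl.conf-style file for the blackhole settings and emits an ipfw ruleset whose only inbound terminal action is a silent deny. It assumes FreeBSD's blackhole(4) semantics (tcp.blackhole=1 drops SYNs to closed ports, 2 drops all segments to closed ports, and the companion net.inet.udp.blackhole), an external interface named em0, and Squid listening on its default port 3128; the sysctl.conf text is constructed for the example. As Marc notes, the one open Squid port still reveals that the host is there, so this reduces what a scan learns, it does not hide the machine.

```sh
#!/bin/sh
# Added example for the freebsd-security thread above; not code from the thread.
# Assumptions: FreeBSD blackhole(4) sysctls, external interface em0, Squid on 3128.

# Constructed sample of an /etc/sysctl.conf (not a real file from any host).
SAMPLE_SYSCTL_CONF='# constructed sample
net.inet.tcp.blackhole=2   # drop every segment to a closed TCP port, no RST
net.inet.udp.blackhole=1   # drop datagrams to closed UDP ports, no ICMP unreachable
'

# blackhole_value FILE OID: print the value assigned to OID in a sysctl.conf
# file (comments and whitespace stripped, last assignment wins) or "unset".
blackhole_value() {
    file=$1; oid=$2
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$file" |
        awk -F= -v k="$oid" '$1 == k { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# audit_blackhole FILE: report both blackhole OIDs; return 1 if either is
# unset or 0, i.e. closed ports would still answer the sender.
audit_blackhole() {
    rc=0
    for oid in net.inet.tcp.blackhole net.inet.udp.blackhole; do
        v=$(blackhole_value "$1" "$oid")
        case $v in
            unset|0) printf 'WARN %s is %s: closed ports reply with RST/ICMP\n' "$oid" "$v"; rc=1 ;;
            *)       printf 'ok   %s=%s\n' "$oid" "$v" ;;
        esac
    done
    return $rc
}

# silent_ruleset IFACE: emit an ipfw ruleset for a Squid host. Inbound traffic
# that is not a reply to our own connections or a new connection to 3128 hits
# the final 'deny', which discards without replying. ipfw's 'reset' and
# 'unreach' actions would notify the sender, which the thread advises against.
silent_ruleset() {
    ifc=$1
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from me to any out via $ifc setup keep-state
add 310 allow udp from me to any out via $ifc keep-state
add 400 allow tcp from any to me 3128 in via $ifc setup keep-state
add 65000 deny ip from any to any in via $ifc
EOF
}

# ruleset_is_silent RULES: succeed only if no rule uses an action that
# answers the sender (reset or unreach).
ruleset_is_silent() {
    ! printf '%s\n' "$1" | grep -Eq '^add [0-9]+ (reset|unreach)'
}

# Demonstration on the constructed sample.
conf=$(mktemp)
printf '%s' "$SAMPLE_SYSCTL_CONF" > "$conf"
audit_blackhole "$conf"
rules=$(silent_ruleset em0)
printf '%s\n' "$rules"
ruleset_is_silent "$rules" && echo "ruleset sends no RST/ICMP replies"
rm -f "$conf"
```

On a real host the settings go in /etc/sysctl.conf (or `sysctl net.inet.tcp.blackhole=2` for the running kernel) and the emitted rules are loaded with `ipfw` from the firewall script; the audit function is the part worth keeping, since a later edit that flips blackhole back to 0 or adds a `reset` rule silently reintroduces the RSTs the original poster wanted gone.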