Networking Forums

Linux Firewall

 
 
gferragut
Guest
Posts: n/a

 
      04-10-2007, 02:21 PM
When I make the iptables rules and then test from outside, the results
always show the ports as filtered. Is there some way to make the
filtered port invisible to the network and not look like it is
closed? Maybe some kernel or iptables patches.
Thank you
Best Regards

 
Bill Marcum
Guest
Posts: n/a

 
      04-10-2007, 05:39 PM
On 10 Apr 2007 07:21:00 -0700, gferragut
<(E-Mail Removed)> wrote:
>
>
> when i make the rules of iptables after when i test from outside
> always in the results are ports are filtered, exists some way to
> make the filtered port invisible to the network and dont look
> like are closed ? maybe some kernel or iptables patchs.
> Thank You
> Best Regars
>


Change "REJECT" to "DROP" in your rules.


--
The world is moving so fast these days that the man who says it can't be
done is generally interrupted by someone doing it.
-- E. Hubbard
 
gferragut
Guest
Posts: n/a

 
      04-10-2007, 08:01 PM
On 10 Apr, 19:39, Bill Marcum <marcumb...@bellsouth.net> wrote:
> On 10 Apr 2007 07:21:00 -0700, gferragut
>
> <gferra...@gmail.com> wrote:
>
> > when i make the rules of iptables after when i test from outside
> > always in the results are ports are filtered, exists some way to
> > make the filtered port invisible to the network and dont look
> > like are closed ? maybe some kernel or iptables patchs.
> > Thank You
> > Best Regars

>
> Change "REJECT" to "DROP" in your rules.
>
> --
> The world is moving so fast these days that the man who says it can't be
> done is generally interrupted by someone doing it.
> -- E. Hubbard


When you put DROP, nmap says the port is filtered. I would like
some way for nmap or a port scanner not to see that
port at all!!

 
Ian Northeast
Guest
Posts: n/a

 
      04-10-2007, 08:59 PM
On Tue, 10 Apr 2007 13:01:53 -0700, gferragut wrote:

> On 10 abr, 19:39, Bill Marcum <marcumb...@bellsouth.net> wrote:
>> On 10 Apr 2007 07:21:00 -0700, gferragut
>>
>> <gferra...@gmail.com> wrote:
>>
>> > when i make the rules of iptables after when i test from outside
>> > always in the results are ports are filtered, exists some way to
>> > make the filtered port invisible to the network and dont look
>> > like are closed ? maybe some kernel or iptables patchs.
>> > Thank You
>> > Best Regars

>>
>> Change "REJECT" to "DROP" in your rules.


> when you put drop the nmap says filtered-fi port , i would exist
> some way to the nmap or portscanner dont see that port !!


When nmap says "filtered" it means it cannot see the port, i.e. no
response at all was received from its probe. Nmap knows what the valid
range of port numbers is of course.

A closed port is different, this means that a negative response such as an
ICMP port unreachable or a TCP reset was received.

How much more invisible do you want it?

Regards, Ian

 
Moe Trin
Guest
Posts: n/a

 
      04-11-2007, 07:32 PM
On 10 Apr 2007, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>, gferragut wrote:

>Bill Marcum <marcumb...@bellsouth.net> wrote:


>> <gferra...@gmail.com> wrote:
>>
>>> when i make the rules of iptables after when i test from outside
>>> always in the results are ports are filtered, exists some way to
>>> make the filtered port invisible to the network and dont look
>>> like are closed ? maybe some kernel or iptables patchs.


>> Change "REJECT" to "DROP" in your rules.


I suspect that's what he had to start with

>when you put drop the nmap says filtered-fi port , i would
>exist some way to the nmap or portscanner dont see that
>port !!


Certainly. Disconnect the computer. After some time, the upstream
router will notice you are no longer reachable, and will return an
ICMP Type 3 Code 1, and NO ONE will be able to see your computer.

While you are waiting for that to happen, you might try reading the
nmap man page to understand why nmap reports the ports as filtered.
Contrary to what the marketing id10t named Steve Gibson says, there
is no such thing as a stealth configuration. If there is a service
listening at a port, nmap or even telnet will show the port as "Open".
If there is no service listening, or if a firewall is rejecting the
connection, nmap or telnet will show the port as closed. If you set
the firewall rule to DROP, then nmap will show the port as filtered,
and telnet will eventually time out and fail. Either mechanism tells
anyone who has ever used 'traceroute' that there is a host here, it is
alive, and is remaining silent because the person configuring the
firewall thinks this makes it invisible. If there really isn't a
host there - please disconnect the network to prove it - the UPSTREAM
router won't be able to forward packets to you, and will tell everyone
that there is no host here. But with the firewall merely dropping
the connection, the upstream knows you exist, AND DOES NOT LIE TO
OTHERS - no 'host unreachable' message - which means the host IS there.

Old guy

 
Pascal Hambourg
Guest
Posts: n/a

 
      04-11-2007, 08:01 PM
Hello,

Moe Trin wrote:
> [...] If there really isn't a host there the UPSTREAM
> router won't be able to forward packets to you, and will tell everyone
> that there is no host here.


That would be true in a perfect world where every router is RFC
compliant. Unfortunately I have seen too many routers not sending back
ICMP Host Unreachable messages when the target is not there...
 
gferragut
Guest
Posts: n/a

 
      04-12-2007, 04:21 PM
On 11 Apr, 22:01, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
wrote:
> Hello,
>
> Moe Trin wrote:
>
> > [...] If there really isn't a host there the UPSTREAM
> > router won't be able to forward packets to you, and will tell everyone
> > that there is no host here.

>
> That would be true in a perfect world where every router is RFC
> compliant. Unfortunately I have seen too many routers not sending back
> ICMP Host Unreachable messages when the target is not there...


Yes, that is true, but I remember a security team that once
developed something to detect scanners: the ports did not appear
when you ran nmap, but if you opened the browser the web server
was there.
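The scanner detection gferragut recalls, combined with the DROP-means-"filtered" point from Bill's and Ian's replies, as an added Python example that is not from any poster in this thread: it parses iptables LOG lines (assuming a `-j LOG --log-prefix 'IPT-DROP '` rule sits just before the DROP rule) and flags sources that probe many distinct ports within a short window. The sample log lines, the host names and the year are constructed or assumed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the fields an iptables LOG target writes into the kernel log.
# Assumes a "-j LOG --log-prefix 'IPT-DROP '" rule placed just before the DROP.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: IPT-DROP .*?"
    r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)
LOG_YEAR = 2007  # syslog lines carry no year; assumed to match the thread's date

def parse_line(line):
    """Return (timestamp, src, proto, dport) for one dropped-packet line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("src"), m.group("proto"), int(m.group("dpt"))

def find_scanners(lines, min_ports=5, window_s=60):
    """Map each source hitting >= min_ports distinct proto/port pairs in any window_s-second window to that count."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src, proto, dpt = rec
            by_src[src].append((ts, proto, dpt))
    scanners = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (t0, _, _) in enumerate(events):
            # Distinct ports seen from this source in the window starting at t0.
            ports = {(p, d) for t, p, d in events[i:]
                     if (t - t0).total_seconds() <= window_s}
            best = max(best, len(ports))
        if best >= min_ports:
            scanners[src] = best
    return scanners

def _log(ts, src, dpt):
    # Constructed sample line in iptables LOG format (some fields omitted).
    return (f"{ts} gw kernel: IPT-DROP IN=eth0 OUT= SRC={src} DST=198.51.100.5 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 "
            f"DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")

# Constructed log: one source sweeping six ports within a minute, one ordinary client.
SAMPLE_LOG = [_log(f"Apr 12 16:21:{s:02d}", "192.0.2.10", p)
              for s, p in zip(range(3, 27, 4), (21, 22, 23, 25, 80, 443))]
SAMPLE_LOG += [_log("Apr 12 16:25:10", "198.51.100.77", 8080),
               _log("Apr 12 16:25:11", "198.51.100.77", 8080)]
```

Running `find_scanners(SAMPLE_LOG)` reports only 192.0.2.10 (six distinct ports in under a minute); the client repeatedly hitting one port is not flagged.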
