On Wed, Feb 25, 2004 at 09:09:50AM -0500, Harland Christofferson wrote:
> I have had a firewall configured to drop inbound packets on ports
> that I am not using via iptables.

What relevant lines can you give us from that firewall?

> I ran a port scanning utility from
> an external machine. The utility detected that, although the ports
> were _closed_, the ports still responded to the port scan utility.
> I suspect that data destined for these _closed_ ports is being put
> in the TCP/UDP stack. I further suspect that malicious code could
> take advantage of bugs in the stack if there are any. I wish to be
> able to _block_ these ports entirely. I do not have the services
> running in the /etc/inetd.conf file.

I could be wrong, but attackable ports are those that are being listened
to according to netstat -tulp.

> How may I do this? I have read some firewalling howtos but the ones
> I have read refer to iptables (or ipchains).

That seems to me like what you should be reading; after all, you did
mention that you are running iptables. Also, man iptables.

> By the way, I am running
> a 2.4.18 kernel.

Make sure it's patched up to date. There have been vulnerabilities.

Patrick Lesslie
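The behaviour the original poster describes (closed ports "responding" to a scan) is what a port scanner sees when a packet reaches the kernel's TCP/UDP stack and comes back as a TCP RST or an ICMP port-unreachable; a DROP rule in the INPUT chain, applied before the packet reaches the stack, is what makes the port show as filtered instead. The following is an added example, not code posted in this thread, that turns the "netstat -tulp lists the attackable ports" advice into a default-deny ruleset: it parses netstat-style output (a constructed sample is embedded below), skips sockets bound only to 127.0.0.1, and emits iptables commands with a DROP policy plus a conntrack rule for established connections. The rule syntax used (-P, -A, -m state) is the iptables syntax available on 2.4 kernels; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Builds a default-deny
# iptables INPUT chain from "netstat -tuln"-style output so that any port
# not in LISTEN state is silently DROPped, i.e. no RST / ICMP unreachable.

# Constructed sample in the format of "netstat -tuln" (assumption: the
# real output on the poster's box looks like this; adjust if it does not).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# listening_ports <netstat output>: prints "proto port" pairs, one per
# line. Sockets bound only to 127.0.0.1 are skipped because they are
# unreachable from outside anyway and should not be opened in the firewall.
listening_ports() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, a, ":"); port = a[n];
            if (a[1] == "127.0.0.1") next;
            sub(/6$/, "", $1);          # treat tcp6/udp6 like tcp/udp
            print $1, port
        }'
}

# build_rules <netstat output>: prints the iptables commands. With policy
# DROP, a packet for a port with no ACCEPT rule is discarded in netfilter
# and never handed to the TCP/UDP stack, so a scanner gets no reply at all.
build_rules() {
    echo 'iptables -F INPUT'
    echo 'iptables -P INPUT DROP'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    # replies to connections this host itself opened (ip_conntrack on 2.4)
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    listening_ports "$1" | while read -r proto port; do
        echo "iptables -A INPUT -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Usage on the real machine (as root, after reading the output first):
#   build_rules "$(netstat -tuln)" | sh
build_rules "$SAMPLE_NETSTAT"
```

Review the generated rules before piping them to sh: a service you forgot about that is bound to 0.0.0.0 will be opened, and one that is not listening at scan time will be dropped even if you start it later. Re-run the generator (or add a rule by hand) when the set of listening services changes.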

