On Sun, Oct 28, 2007 at 08:35:30PM -0600, Telly Williams wrote: > Ansgar, Paolo, and David, > > Thanks for the help. I utilized your ideas and ran nmap and > nothing comes up (I did this from the same host, though). My
er... is your fw supposed to protect you from yourself? ;) try a remote scanner like grc.com's. > logs aren't writing anything now, or is it that my ports can't look at your itables-save, select a chain that goes through LOG, ask grc.com to strees a port for that chain. See what happens in the logs. > be "seen"?). Interestingly (to me), ports 0 and 1 come up as > closed (from grc.com, I assume because of the set limits that > make my firewall "adaptive"). If by 'adaptive' you mean the -m state on input, yes. Which is btw true for any other port you did not open explicitly. > > Only a small minority of people use the forward chain, right? I dunno ... you need FORWARD only if your machine routes packets for other machines, eg your machine sits betweeen the LAN and I'net. Or you've got some fancy virtual machines / alis iface setup. > Currently, I have OUTPUT accepting NEW,ESTABLISHED,RELATED. If > I'm thinking right about what you said Ansgar, the only thing I > need to worry about in OUTPUT is NEW, so I'm about to change it you need all 3. > Then why does the site http://www.grc.com keep referring to > ports as being under stealth? Are they defining "stealth" in a I guess (checking their port 113 write up) they just mean what the rule --state ESTABLISHED,RELATED on INPUT does. ie, in their wording, if you have such rule in INPUT chain (you do, right?) you can proudly say your machine if fully 'Stealthy(TM)' ;) > different way? What does one have to gain by propogating this > "marketing babble"? hype behind fw sw market. Just marketing, in other words. For some tech about 'stealth' mode, 'man nmap' - check for -sS -sF -sX -sN -sI; also check README and man page for hping2 or hping3 for some other insights. Good reading. -- paolo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

