Nope, I found the answer myself right after I sent this email.

The answer is that you do NOT want to REJECT packets only, but that you
want to REJECT them in a specific manner. You want to send a TCP
RESET which makes the port scanner think that there is nothing there...

IPCHAINS does not have the ability by default (but there are some add-ons
that create it), but IPTABLES does.  The statement looks like this:

iptables -A INPUT -p tcp -s 0/0 -j REJECT --reject-with tcp-reset

This will "stealth" all your tcp ports to portscans...  and block
connections, so you would need to add some ACCEPT statements of
course...

Of course, if I have my interpretation wrong, please let me know.  But,
I re-scanned my box with NMAP, and a few other scanners and none of them
detected the presence of any ports, filtered or otherwise.  

Thanks for your answer!

Regards-
Jay

Thus spake Hiemstra, Brenno ([EMAIL PROTECTED]):

> Well...
> 
> Basically what your firewall is doing now is "drop" the IP packet.
> 
> What you are wanting is to "reject" the connection. This will mean
> that your firewall will send an ICMP packet back to let the source
> know that there isn't such IP address or a listening port there...
> 
> The problem with this setup is that this will reveal your firewall for
> the "portscanner" because it receives an ICMP packet from the
> firewall's IP address and NOT the scanned IP address. (assuming
> that you are scanning an IP address that is behind the firewall...
> not the firewall itself).
> 
> Hope this answers your question...
> 
> Regards,
> 
> 
> Brenno
> 
> > -----Original Message-----
> > From:       [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> > Sent:       donderdag 17 januari 2002 4:11
> > To: [EMAIL PROTECTED]
> > Subject:    iptables/linux - filtered ports?
> > 
> > Hey all-
> > 
> > My apologies if I am rehashing a previous topic, but I didn't find it in
> > the archives.
> > 
> > I recently set up a linux firewall using iptables and then ran an nmap
> > against the host.  Nmap reported a few ports, all of them "filtered"
> > instead of open.  As I understand it, this means that nmap is not sure
> > if the port is open or not, because it is not getting any return
> > packets.
> > 
> > Is there a way to use iptables to "stealth" the port?  In other words,
> > can iptables be configured in such a way as to make port scanners think
> > that a port (or a host!) does not even exist at the specified ip?
> > 
> > Would adding a filter against icmp be enough (since nmap pings for hosts
> > first... unless told not to)?
> > 
> > - J
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls