On Mon, Mar 16, 2009 at 1:21 PM, James Keeline <keel...@yahoo.com> wrote:
> Of course, someone nasty might write a program which would look closed or
> filtered for the first couple of nmap inquiries and only open under certain
> conditions (source IP, etc.). Like anything else, nmap is just a tool. Use
> it well and understand its limits.

Steve Gibson recommends setting all your ports the same (either open, closed, or filtered). His reasoning is that ports set differently than the others are just alerting potential attackers about what's actually running on your machine.

I don't completely follow his suggestion for my personal server; I leave 22 and 80 open and everything else filtered. On my servers at work, however, all ports appear filtered unless you're in a whitelist I've defined for access via 22, 443, or "all" (the last of which is only the local subnet).

-- 
Brad Beyenhof . . . . . . . . . . . . . . . . . http://augmentedfourth.com
Life would be so much easier if only (3/2)^12=(2/1)^7.
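
A default-drop ruleset of the kind the reply describes for the work servers, as an added example that is not part of the original message and not the poster's actual configuration. The choice of nftables is an assumption (the message names no firewall), as are the set names, the constructed documentation-range addresses and the placeholder local subnet.

```nftables
#!/usr/sbin/nft -f
# Added example: all addresses are constructed (RFC 5737 documentation
# ranges and a placeholder local subnet), set names are hypothetical.
flush ruleset

table inet filter {
    # Whitelists: sources allowed to see 22 and 443 respectively.
    set ssh_allowed {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/28 }
    }
    set https_allowed {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/28, 203.0.113.7 }
    }

    chain input {
        # policy drop: unmatched probes get no reply at all, so a scanner
        # reports every port as "filtered" and cannot tell which services exist.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # IPv6 neighbor discovery must pass or IPv6 connectivity breaks.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # "all": only the local subnet reaches every port.
        ip saddr 192.168.1.0/24 accept

        # Whitelisted sources see 22 and 443; everyone else still sees "filtered".
        ip saddr @ssh_allowed tcp dport 22 accept
        ip saddr @https_allowed tcp dport 443 accept

        # No reject rule on purpose: a TCP RST or ICMP unreachable would make
        # a port read as "closed" and stand out from the rest.
    }
}
```

`nft -c -f <file>` checks the ruleset for errors without applying it. A scan from a non-whitelisted address and one from a whitelisted address should disagree only on ports 22 and 443.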