
RE: Blocking Ports from showing up in scans



Search on freshmeat.net (or google) for rc.firewall, firemasq and firedog

You'll find examples of scripts that use IP chains.

You can learn from those examples.  rc.firewall is actually a script that
enables rules such as, "deny anyone from the outside pretending to be an
inside address", etc.

You can then create a rule that says basically:
source 10.0.0.0/24 destination $internalinterface port 111 allow
source 0.0.0.0/0 destination $externalinterface port 111 deny

The regular rc.firewall won't have the port specific blocks, but firedog and
firemasq do.

Cory
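The allow/deny pair above, written out as ipchains commands for every port Phill marked with *. This is an added example, not code from Cory's post or from rc.firewall, firedog or firemasq; it assumes a 2.2 kernel with ipchains, eth0 on 10.0.0.0/24 and eth1 as the public interface, and uses DENY rather than REJECT so a blocked port sends nothing back to a scanner.

```shell
#!/bin/sh
# Added example: generate ipchains rules that keep the starred ports open to
# the LAN and silently drop them on the public side.
# Run it to review the rules; pipe the output to sh to apply them.
LAN_IF=eth0            # private interface (assumption from the question)
LAN_NET=10.0.0.0/24    # private network
PUB_IF=eth1            # public interface
# Ports marked with * in the original question.
BLOCKED_PORTS="111 139 515 829 899 983 2049 3306 5432"

# Print the two rules for one port and one protocol (tcp or udp).
# On the input chain, -i is the interface the packet arrived on.
# DENY drops the packet without an ICMP or RST reply, so the scanner
# sees no answer; REJECT would tell it the port is filtered.
rules_for_port() {
    port=$1
    proto=$2
    echo "ipchains -A input -i $LAN_IF -p $proto -s $LAN_NET -d 0.0.0.0/0 $port -j ACCEPT"
    echo "ipchains -A input -i $PUB_IF -p $proto -d 0.0.0.0/0 $port -j DENY"
}

# Emit the whole rule set (tcp and udp, since sunrpc and nfs use both).
build_rules() {
    for port in $BLOCKED_PORTS; do
        rules_for_port "$port" tcp
        rules_for_port "$port" udp
    done
}

build_rules
```

Apply with `sh thisscript.sh | sh` and confirm the result with `ipchains -L input -n` before trusting it from a remote scan.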

-----Original Message-----
From: Phill Kenoyer [mailto:phill@kenoyer.com]
Sent: Tuesday, November 21, 2000 1:15 PM
To: Debian Firewall List
Subject: Blocking Ports from showing up in scans


I have a small masq/web server on a DSL.  I would like to make it a bit more
secure.  It's a default install of debian.  I have nfs and samba running for
my workstations to have access to the box.  I have most things turned off
like telnet and ftp.  What I would like to do is block a few ports from the
outside, but keep them for the local net.  I don't really want to learn
ipchains, because I don't have the time right now.  I'm very busy, and I
would just like to do my work, but an example of how to do this would teach
me a great deal.  I have not found anything on web searches that would build
the rules for me, that would run on a server without X installed.  If anyone
is willing to do the rules for me, I would really be happy.  Thanks.

eth0 is 10.0.0.1, private
eth1 is public.

My private network is using 10.0.0.x.

ip_masq deb is installed.

I have the following ports open on my server.  I have marked with * the ones
that I want to close off to the outside, and have them not show up in a port
scan.

(The 1505 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
25/tcp     open        smtp                    
53/tcp     open        domain                  
80/tcp     open        http                    
110/tcp    open        pop-3                   
*111/tcp    open        sunrpc                  
113/tcp    open        auth                    
*139/tcp    open        netbios-ssn             
389/tcp    open        ldap                    
443/tcp    open        https                   
*515/tcp    open        printer                 
*829/tcp    open        unknown                 
*899/tcp    open        unknown                 
*983/tcp    open        unknown                 
*2049/tcp   open        nfs                     
*3306/tcp   open        mysql                   
*5432/tcp   open        postgres                

-- 
 _   |       _           
(_()(|('.|)('||.|()|`|(

