Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Hi, Steph, I am using the rule set from stronger firewall, just modified to reflect my system: http://www.tldp.org/HOWTO/IP-Masquer...-examples.html
I am on DSL - PPPoE, I scan my system with nmap to see what's up, and all the ports are filtered, according to dslreports.com security test my address is not pingable, according to grc.com ShieldsUp all Windows-weak ports are stealth - but I care less about grc goop, nmap shows that all ports are filtered
P.S. When portscanning with nmap make sure you scan from a remote machine.
P.S.2. I just pinged my machine from my another machine and I got network is unreachable response. So it works great
Ooopsie, I was off the net, now when I am on I got 100% packet lost, so it works!!!
i use iptables on my firewall and set it to drop all incoming ICMP packets. if your firewall drops the packets, any machine attempting to connect will get "host unreachable" rather than a port blocked message. try and ping my box: endrium.com. :-)
"MonMotha's IPTables firewall is a simple shell script written in BASH. It has no extra subs or functions that I define, it's just run from top to bottom. Hopefully this will make it fairly easy to work with. The firewall attempts to make setting up a firewall on a linux system running a 2.4 Linux kernel as easy or easier than installing most other software "
Also i see on a security article, i dont remenber what article, that they recommend install a firewall and Portsentry at the same time.
Originally posted by Stephanie But not good enough. I dont want my system to respond at all to any scan.
TCP and UDP have distinct responses for reacting to connection requests when a port is open or closed, see for example alt.hacking FAQ, Fyodors The Art of Port Scanning and Phrack nr 49 text 15.
And a closed port can still by easily compromised, such as buffer overflows and such.
If a skiddie finds a port closed it means there's no daemon to connect to or it's been shielded for (any|their) address or range etc etc. Skiddie needs an established connection (3-way handshake) before being able to inject stuff.
As unSpawn says Fyodor's great article is a must to read. You will see that when ping sweep mode is on nmap wont look at ping replies but it will look for a tcp-reset reply from the scanned host and show that port as closed.
With iptables you can trick the scanners. With iptables PSD (Port Scan Detection) module search the google there are lots of nice examples on how to use psd module.