LinuxQuestions.org
Old 10-01-2005, 08:25 PM   #1
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Rep: Reputation: 30
closed vs. filtered ports


Let's say I turn off all my services and do a port scan of the machine. The scanner will say that the ports are closed. Now, if I throw in some iptables rules and scan again, I get 'filtered' ports.

What is the difference, and is having closed ports any more susceptible to attack than having filtered ports?
 
Old 10-01-2005, 08:33 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
when you scan a port and it's determined to be "closed" it means your scanner actually got a "connection rejected" from that port...

when you scan a port and it's determined to be "filtered" or "stealthed" it means your scanner didn't get any response from that port...

in iptables terms, the difference between stealthed and closed is the difference between the DROP target and the REJECT target...

change the DROP in your iptables rules/policy to REJECT and you will see...

BTW, the end effect is the same whether you REJECT or DROP - the connection is denied either way... but of course there will be further implications to each method... the most obvious implication of using REJECT instead of DROP is loss of stealth...


Last edited by win32sux; 10-01-2005 at 08:34 PM.
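
The closed/filtered distinction described in the post above can be checked against your own firewall rules with a plain TCP connect test. This is an added example, not part of the original thread; the function names `classify`, `probe` and `self_check` are hypothetical, and the loopback demo is constructed.

```python
import socket

OPEN, CLOSED, FILTERED, UNKNOWN = "open", "closed", "filtered", "unknown"

def classify(err):
    """Map a TCP connect() outcome to a scanner-style port state.

    err is None when the connection succeeded, otherwise the exception raised.
    """
    if err is None:
        return OPEN        # handshake completed: a service is listening
    if isinstance(err, ConnectionRefusedError):
        return CLOSED      # the host answered with a refusal (no listener, or REJECT)
    if isinstance(err, (socket.timeout, TimeoutError)):
        return FILTERED    # no answer at all before the timeout (what DROP looks like)
    return UNKNOWN         # e.g. unreachable network; not a statement about the port

def probe(host, port, timeout=1.0):
    """Attempt one TCP connection to a host you administer and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()
    return classify(None)

def self_check():
    """Constructed loopback demo: same port probed with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    listener.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(self_check())                       # loopback, no firewall rule involved
    # A DROP rule cannot be reproduced without root, so the timeout is simulated here.
    print(classify(socket.timeout("timed out")))
```

Running `probe` from a second machine against a port covered by a DROP rule, then again after changing that rule to REJECT, shows the result move from filtered to closed.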
 
Old 10-01-2005, 08:47 PM   #3
servnov
Member
 
Registered: Sep 2004
Distribution: Slackware 10.2
Posts: 276

Original Poster
Rep: Reputation: 30
Cool. I see. I was just wondering how important a firewall would be if all services are closed?
 
Old 10-01-2005, 09:03 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally posted by servnov
Cool. I see. I was just wondering how important a firewall would be if all services are closed?
just as important as if all your services would be listening...

the importance of a firewall isn't determined by the amount of services or lack thereof that are running behind it at a certain point in time... the importance of the firewall is determined by the kind of control the system/network administrator wants/needs to have over packets that are coming in/out of his PC, LAN, etc...

in other words, just because you aren't running any services on your box doesn't mean you want to allow ANY packet to come into your box... it also doesn't mean you want to allow ANY packet to exit your box... you want to make sure that bad packets get filtered, and the way you do that is with a firewall...


Last edited by win32sux; 10-01-2005 at 10:02 PM.
 
  

