From: Michael Gale <mgale@utilitran.com>
To: netfilter@lists.netfilter.org
Subject: Re: How to make a computer invisible
Date: Tue, 2 Dec 2003 09:01:20 -0700
Message-ID: <20031202090120.65abc625.mgale@utilitran.com>
In-Reply-To: <1070380086.2057.17.camel@grendel>


Do you have a rate limit on this rule? If not, could someone simply hammer a non-open port, causing your machine to send out a large number of REJECT packets?

Michael.


On Tue, 02 Dec 2003 10:48:08 -0500
Chris Brenton <cbrenton@chrisbrenton.org> wrote:

> On Tue, 2003-12-02 at 10:14, Michael Gale wrote:
> > Hello,
> > 
> > You can make a machine almost invisible with iptables.
> 
> <snip>
> 
> > So if I do a nmap for all TCP and UDP ports and watch the traffic through a TCP dump the only responses I see are ARP replies.
> 
> I guess this depends on what you mean by "invisible". When you ran your
> scan nmap reported back "filtered". This is because nmap is smart enough
> to know that no response back means there is a firewall controlling
> traffic between the source and the target. 
> 
> So while an attacker can't tell if the IP is up or down, they can tell
> there is a firewall in the way and if the host is up, no accessible
> services are being offered.
> 
> > If you have a service on the IP -- like a web server I can not see you being able to hide it.
> 
> I've had pretty good luck using: 
> -j REJECT --reject-with icmp-host-unreachable
> 
> If the open service ports are not the first ones hit, many vulnerability
> scanners read this as the host being off-line and never bother to
> complete the scan. So while people going directly to port 80 will access
> your Web server without a problem, people doing a vertical port scan
> many times get a response saying the host is off-line and never get to
> see that TCP/80 is open.
> 
> HTH,
> C
-- 
Michael Gale
Network Administrator
Utilitran Corporation

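The REJECT rule Chris describes, combined with the rate limit Michael asks about, as an added example that is not from either poster. It assumes eth0 is the public interface, TCP/80 is the only exposed service, and a ceiling of 10 replies per second with a burst of 20; all of these are placeholders to tune for your own host.

```shell
#!/bin/sh
# Added example: a host that still serves TCP/80 but answers every other
# unsolicited probe with ICMP host-unreachable, with a ceiling on how many
# REJECT replies it will emit so a flood of probes cannot turn the box into
# a reject-packet generator. Assumed values: eth0 as the public interface,
# 10/second with a burst of 20 as the ceiling.
IPT=${IPT:-iptables}
WAN=${WAN:-eth0}
REJECT_RATE=${REJECT_RATE:-10/second}
REJECT_BURST=${REJECT_BURST:-20}

# Emit the rules as a shell script on stdout; nothing is applied here.
stealth_rules() {
    cat <<EOF
$IPT -N STEALTH
# Allow replies to connections this host opened, plus the one public service.
$IPT -A INPUT -i $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp --dport 80 -j ACCEPT
# Everything else unsolicited on the public interface goes to STEALTH.
$IPT -A INPUT -i $WAN -j STEALTH
# Up to the ceiling, answer "host unreachable" so a vertical scan reads the
# host as down. Note the limit bucket is global, not per source address.
$IPT -A STEALTH -m limit --limit $REJECT_RATE --limit-burst $REJECT_BURST -j REJECT --reject-with icmp-host-unreachable
# Over the ceiling, say nothing: the scanner then sees "filtered" at most.
$IPT -A STEALTH -j DROP
EOF
}

# Apply the rules (needs root). Without --apply the script only prints them.
if [ "${1:-}" = "--apply" ]; then
    stealth_rules | sh -e
else
    stealth_rules
fi
```

Because `-m limit` keeps a single bucket, one noisy source exhausts the reply budget for everyone; `-m hashlimit --hashlimit-mode srcip` gives each source its own bucket if that matters on your network.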
