Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

Post by Genes » Thu, 14 Dec 2000 12:57:50



Hey,
    I want to set my linux box up such that it will not even admit
that it exists (Stealth, if you will) on ports that are not open for
connections.  Port 79 (Finger) for instance, I ran a port scanner on my box
and it responded that the machine exists, and the port is closed.
Is there a way to get it to not respond (ignore) incoming connections
altogether?

Also, it is running as a webserver / router / firewall.
I would also like to bind certain services to net devices like
FTP to eth1, so I can access them on my VPN, but not from the
outside eth0.  Is that possible?

If anyone has any ideas I would be most appreciative,
maybe direct me to the appropriate HOWTO?

Thanks,
       Genesis


Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

Post by Jaap Brin » Thu, 14 Dec 2000 15:29:31



> Hey,
>     I want to set my linux box up such that it will not even admit
> that it exists (Stealth, if you will) on ports that are not open for
> connections.  Port 79 (Finger) for instance, I ran a port scanner on my box
> and it responded that the machine exists, and the port is closed.
> Is there a way to get it to not respond (ignore) incoming connections
> altogether?

> Also, it is running as a webserver / router / firewall.
> I would also like to bind certain services to net devices like
> FTP to eth1, so I can access them on my VPN, but not from the
> outside eth0.  Is that possible?

> If anyone has any ideas I would be most appreciative,
> maybe direct me to the appropriate HOWTO?

> Thanks,
>        Genesis

Hi, you could try to install PortSentry and run it in stealth mode. This
way you'll be able to pick up scans. Now, as soon as your machine gets
probed, the software will kick in, drop that particular host in
/etc/hosts.deny and voila. Nothing goes back to that machine. It's as if
the packets drop on the floor ;-)

To close ports completely, simply add lines like
'ipchains -A input -p tcp --destination-port smtp -i eth1 -j REJECT -l'
in a startup file. Of course, you can substitute smtp with any of your
favorite (or less favorite) programs. Also, you could reject based upon
port numbers (please 'man ipchains').

Jaap

--
Jaap Brink, Ph.D., Biochemistry, One Baylor Plaza, Baylor College of
Medicine, Rm. N420 Alkek Building, Houston, TX 77030

URL  : http://ncmi.bioch.bcm.tmc.edu/~brink


Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

Post by Genes » Fri, 15 Dec 2000 11:31:47





>> Hey,
>>     I want to set my linux box up such that it will not even admit
>> that it exists (Stealth, if you will) on ports that are not open for
>> connections.  Port 79 (Finger) for instance, I ran a port scanner on my
>> box and it responded that the machine exists, and the port is closed.
>> Is there a way to get it to not respond (ignore) incoming connections
>> altogether?

>> Also, it is running as a webserver / router / firewall.
>> I would also like to bind certain services to net devices like
>> FTP to eth1, so I can access them on my VPN, but not from the
>> outside eth0.  Is that possible?

>> If anyone has any ideas I would be most appreciative,
>> maybe direct me to the appropriate HOWTO?

>> Thanks,
>>        Genesis

>Hi, you could try to install PortSentry and run it in stealth mode. This
>way you'll be able to pick up scans. Now, as soon as your machine gets
>probed, the software will kick in, drop that particular host in
>/etc/hosts.deny and voila. Nothing goes back to that machine. It's as if
>the packets drop on the floor ;-)

>To close ports completely, simply add lines like
>'ipchains -A input -p tcp --destination-port smtp -i eth1 -j REJECT -l'
>in a startup file. Of course, you can substitute smtp with any of your
>favorite (or less favorite) programs. Also, you could reject based upon
>port numbers (please 'man ipchains').

>Jaap

>--
>Jaap Brink, Ph.D., Biochemistry, One Baylor Plaza, Baylor College
>of Medicine, Rm. N420 Alkek Building, Houston, TX 77030

>URL  : http://ncmi.bioch.bcm.tmc.edu/~brink

Oh, Excellent, Thank You.

Regards,
         Genesis


Ignore all incoming udp/ip and udp/ip on all ports, except open ports?

Post by Genes » Fri, 15 Dec 2000 11:36:32





>> Hey,
>>     I want to set my linux box up such that it will not even admit
>> that it exists (Stealth, if you will) on ports that are not open for
>> connections.  Port 79 (Finger) for instance, I ran a port scanner on my
>> box and it responded that the machine exists, and the port is closed.
>> Is there a way to get it to not respond (ignore) incoming connections
>> altogether?

>> Also, it is running as a webserver / router / firewall.
>> I would also like to bind certain services to net devices like
>> FTP to eth1, so I can access them on my VPN, but not from the
>> outside eth0.  Is that possible?

>> If anyone has any ideas I would be most appreciative,
>> maybe direct me to the appropriate HOWTO?

>> Thanks,
>>        Genesis

>Hi, you could try to install PortSentry and run it in stealth mode. This
>way you'll be able to pick up scans. Now, as soon as your machine gets
>probed, the software will kick in, drop that particular host in
>/etc/hosts.deny and voila. Nothing goes back to that machine. It's as if
>the packets drop on the floor ;-)

>To close ports completely, simply add lines like
>'ipchains -A input -p tcp --destination-port smtp -i eth1 -j REJECT -l'
>in a startup file. Of course, you can substitute smtp with any of your
>favorite (or less favorite) programs. Also, you could reject based upon
>port numbers (please 'man ipchains').

>Jaap

>--
>Jaap Brink, Ph.D., Biochemistry, One Baylor Plaza, Baylor College
>of Medicine, Rm. N420 Alkek Building, Houston, TX 77030

>URL  : http://ncmi.bioch.bcm.tmc.edu/~brink

Oh, Excellent, Thank You(!)  :-)

--
Best Regards,
            Genesis


ipchains/TCP/UDP, Why should I open UDP ports so that my TCP ports can work?

Hi,

I have set up firewall to accept some ports.
/sbin/ipchains -F input
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -A input -p TCP -s 0/0 --dport ssh -j ACCEPT
/sbin/ipchains -A input -p UDP -s 0/0 --dport ssh -j ACCEPT
....

Then I want to lock down all other ports.
/sbin/ipchains -A input -p TCP -s ! 192.168.0.0/24 -j DENY

#??? what's wrong with this UDP ???
/sbin/ipchains -A input -p UDP -s ! 192.168.0.0/24 -j DENY

If I comment out the UDP line, I can ssh into firewall from outside.
If I don't comment out that line, I can no longer ssh into firewall from
outside.

Why should I open UDP ports so that my TCP ports can work?

Thanks for any help.

Ed Wu
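Added example, written here to illustrate both Jaap's ipchains suggestion in the thread above and the rule-ordering problem in Ed Wu's ruleset; it is not code from any of the posters. It assumes eth0 is the Internet-facing interface, eth1 the VPN/inside side, 192.168.0.0/24 the inside network, and 192.0.2.53 a constructed placeholder for the resolver the box queries; the port choices and the DRY_RUN/ipc wrapper are this example's own. Two points the thread touches on are made explicit. First, DENY makes the kernel drop a packet silently, which is the "stealth" behaviour Genesis asked for, whereas REJECT (as in Jaap's line) answers with an ICMP error and so still confirms that a host is there. Second, ipchains is stateless, so replies to the box's own DNS queries and to its own outbound TCP connections have to be accepted explicitly before any catch-all DENY. The most common reason a UDP DENY like Ed Wu's breaks inbound ssh is exactly that: sshd does a reverse lookup of the client, the answer comes back as UDP from port 53, the DENY swallows it, and the login stalls until the lookup times out.

```shell
#!/bin/sh
# Added example, not from the thread.  Assumptions: eth0 faces the
# Internet, eth1 is the VPN/inside side, 192.168.0.0/24 is the inside
# network, and RESOLVER is a constructed placeholder for the DNS server
# this box queries.  DRY_RUN=1 (default) prints the rules instead of
# loading them; DRY_RUN=0 calls /sbin/ipchains for real (needs root).

DRY_RUN="${DRY_RUN:-1}"
OUTSIDE="${OUTSIDE:-eth0}"
INSIDE="${INSIDE:-eth1}"
LAN="${LAN:-192.168.0.0/24}"
RESOLVER="${RESOLVER:-192.0.2.53}"   # constructed placeholder address

# Single wrapper so the same rule list can be reviewed or applied.
ipc() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipchains $*"
    else
        /sbin/ipchains "$@"
    fi
}

# ipchains walks the input chain top to bottom and takes the first
# matching rule, so every ACCEPT below must come before the catch-alls.
firewall_rules() {
    ipc -F input
    ipc -P input ACCEPT
    ipc -A input -i lo -j ACCEPT

    # FTP is offered on the VPN/inside interface only (never on eth0),
    # and everything from the LAN arriving on that interface is trusted.
    ipc -A input -p tcp -i "$INSIDE" --destination-port 21 -j ACCEPT
    ipc -A input -i "$INSIDE" -s "$LAN" -j ACCEPT

    # Public services on the outside interface: web and ssh.
    ipc -A input -p tcp -i "$OUTSIDE" --destination-port 80 -j ACCEPT
    ipc -A input -p tcp -i "$OUTSIDE" --destination-port 22 -j ACCEPT

    # ipchains is stateless.  Replies to this box's own outbound TCP
    # connections are TCP packets that are not connection openings
    # ("! -y" = SYN not set alone), and replies to its DNS queries are
    # UDP from the resolver's port 53.  Without these two lines the
    # catch-alls below drop them, which is what stalls sshd's reverse
    # lookup of a connecting client.
    ipc -A input -p tcp -i "$OUTSIDE" ! -y -j ACCEPT
    ipc -A input -p udp -i "$OUTSIDE" -s "$RESOLVER" 53 -j ACCEPT

    # Catch-alls.  DENY drops silently: no ICMP unreachable goes back, so
    # a scanner learns nothing from closed ports.  REJECT would send an
    # ICMP error and thereby confirm the host exists.  -l logs each drop.
    ipc -A input -p tcp -i "$OUTSIDE" -j DENY -l
    ipc -A input -p udp -i "$OUTSIDE" -j DENY -l
}

firewall_rules
```

Run it as is to review the rule list, then with DRY_RUN=0 as root on an ipchains kernel to load it from a startup file. What matters is the order: the DNS-reply and non-SYN ACCEPT lines sit above the two DENY lines, so they match first. The non-SYN rule is also the limit of a stateless filter: it cannot tell a genuine reply from any other packet without SYN, which is the gap that connection tracking in iptables later closed. ICMP is left at the chain's ACCEPT policy here, so the host still answers ping; restricting that is a separate decision.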
