Full Version: Port Scan
izy
How can I make my ports invisible to a port scan, and make my server not answer ping -t ip? Can anyone help me?
coder
hey, firewalls help a lot when trying to defeat scans...

What OS? Are you running a firewall? You should!


Tell us what OS/Firewall you're running - then maybe we can help

If you are running IPTABLES, here are some cool rules...
(taken from the neohapsis archives...)

> * iptables -A INPUT -p icmp --icmp-type 8 -j REJECT --reject-with host-unreach
>
> Prevents people from pinging me without crippling my ability to
> ping/traceroute other people. Mainly this is just a minor annoyance for
> people trying to portscan me with programs like nmap that ping the host
> first, they just have to add -P0 and try again. Then again, this might
> stop some really stupid script kiddies. I'm thinking about setting up a
> similar rule that would log people who ping me, just for fun.

> * iptables -A INPUT -i eth0 -f -j REJECT --reject-with host-unreach
>
> Just drops fragments. I'm not really an expert on this, but I heard that
> fragments can be used maliciously (in port scans and such) and have little
> to no valid use nowadays, so I thought it might be smart to block them.

packet
Don't get me started on fragments and MTU and all that jazz. Just to note, you can still see valid fragments today as a result of modem users and whatnot. They are just less common. Most good firewalls and IDS systems will automatically reassemble packets and drop/log them if something weird is going on.

--P.G>>
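
The ideas in this thread, put together as an added example that is not from any of the posters: a shell function that prints an iptables-restore ruleset which drops unsolicited inbound traffic by default, logs echo requests at a limited rate before dropping them, and leaves fragments alone as the last reply advises. The open-port list, the `ping-drop: ` log prefix and the 6/min limit are assumptions; outbound ping and traceroute keep working because their replies match the ESTABLISHED,RELATED rule.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a default-deny host.
# Assumptions: the port list passed in, the "ping-drop: " log prefix and
# the 6/min log rate. Review the output, then check it as root with:
#   sh this_script.sh 22 443 | iptables-restore --test

build_ruleset() {
    ports=$1    # space-separated TCP ports to leave open, e.g. "22 443"

    # Refuse anything that is not a port number before printing any rule.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Policy DROP: unlisted ports send no reply, so a scan reports them
    # as filtered. Loopback and replies to our own traffic are accepted.
    # Echo requests are logged (rate limited) and then dropped.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/min -j LOG --log-prefix "ping-drop: "
-A INPUT -p icmp --icmp-type echo-request -j DROP
EOF

    # One ACCEPT rule per service that should stay reachable.
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Print the ruleset when the script is run with port arguments.
if [ "$#" -gt 0 ]; then
    build_ruleset "$*"
fi
```

Ports left open this way still show up in a scan; only the unlisted ones stop answering.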