I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
Miark
On Thu, 22 Nov 2007 15:57:38 +0800, Christopher wrote:
Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
Do your firewall rules DROP or REJECT?
I assume drop, but I don't know for certain. I'm just using system-config-securitylevel to configure it.
Miark
On Thursday 22 November 2007 21:13:00 Miark wrote:
Do your firewall rules DROP or REJECT?
I assume drop, but I don't know for certain. I'm just using system-config-securitylevel to configure it.
We can see all the rules with: iptables -nL
HTH
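As an added example (not from the thread), here is a small POSIX shell helper that reads saved `iptables -nL` output and reports what a NEW connection to a given port would hit, so the DROP/REJECT/ACCEPT question is answered from the rules themselves rather than inferred from a remote scanner. The two rule listings are constructed for the example: the first is modelled on what system-config-securitylevel writes on CentOS 5 (an assumption; compare with your own box), the second is a hand-edited "stealth" variant. The function names are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies how the INPUT path
# treats a fresh packet to PORT/PROTO by walking saved `iptables -nL` output.

# Constructed listing, modelled on the CentOS 5 system-config-securitylevel
# rule set (assumption): cups ports 631/tcp and 631/udp are ACCEPTed, and the
# catch-all at the end is a REJECT that answers with an ICMP error.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
'

# Constructed "stealth" variant: no 631 rules, and the catch-all is DROP.
STEALTH_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
DROP       all  --  0.0.0.0/0            0.0.0.0/0
'

# fate_of_port RULES PORT PROTO
# Walks INPUT and any user chain it jumps into, in rule order, as a NEW packet
# to PORT/PROTO would, and prints the first terminating target (ACCEPT, DROP,
# or "REJECT reject-with <type>"), or "policy <P>" if nothing in INPUT matched.
# Limitations: single dpt: matches only (no port ranges or multiport), and
# `iptables -nL` does not show -i/-o interface matches (see the note below).
fate_of_port() {
    printf '%s\n' "$1" | awk -v port="$2" -v proto="$3" '
        /^Chain /  { chain = $2; seen[chain] = 1; n[chain] = 0
                     if ($3 == "(policy") { policy[chain] = $4; sub(/\)$/, "", policy[chain]) }
                     next }
        /^target/  { next }
        /^[ \t]*$/ { next }
                   { n[chain]++; rule[chain, n[chain]] = $0 }
        END        { print fate("INPUT") }

        # does this rule line match a NEW packet to port/proto?
        function matches(line,   f, prot) {
            split(line, f, " ")
            prot = f[2]
            if (prot != "all" && prot != proto) return 0
            # a destination-port match only applies if it names our port
            if (line ~ /dpt:/ && line !~ ("dpt:" port "( |$)")) return 0
            # a conntrack state match without NEW never sees a fresh SYN
            if (line ~ /state / && line !~ /NEW/) return 0
            return 1
        }
        function fate(c,   i, line, f, t, r) {
            for (i = 1; i <= n[c]; i++) {
                line = rule[c, i]
                if (!matches(line)) continue
                split(line, f, " "); t = f[1]
                if (t == "ACCEPT" || t == "DROP") return t
                if (t == "REJECT") {
                    if (match(line, /reject-with [^ ]+/))
                        return "REJECT " substr(line, RSTART, RLENGTH)
                    return "REJECT"
                }
                if (t in seen) {                 # jump into a user chain
                    r = fate(t)
                    if (r != "RETURN") return r
                }
            }
            return (c == "INPUT") ? ("policy " policy[c]) : "RETURN"
        }'
}

# report RULES LABEL: one line per port of interest
report() {
    for p in 631 22 80; do
        printf '%s tcp/%s -> %s\n' "$2" "$p" "$(fate_of_port "$1" "$p" tcp)"
    done
}

report "$SAMPLE_RULES" default
report "$STEALTH_RULES" stealth
```

With the default listing, 631/tcp is ACCEPTed by the firewall, so whether the port shows "closed" or "open" is decided by whatever is listening on it, and every other unlisted port gets an ICMP host-prohibited answer from the trailing REJECT. Only the variant with no 631 rules and a DROP catch-all stays silent. One caveat before trusting the classification on a real box: `iptables -nL` omits interface matches, so a loopback rule such as `-i lo -j ACCEPT` shows up as a bare `ACCEPT all` line and would be misread as matching everything; check with `iptables -nvL` or `iptables-save`, which show the interface.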
Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
that GRC port scanner is not something I'd rely on. use a shell account somewhere, and nmap to portscan yourself.
anyways, WTF 'stealth' ? ports are SUPPOSED to return "NAK" ... IMHO, 'stealth' is complete and total BS, dropping request packets does nothing useful.
On Thu, 22 Nov 2007 00:47:08 -0800, John wrote:
Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
that GRC port scanner is not something I'd rely on. use a shell account somewhere, and nmap to portscan yourself.
I did that, too. 631 is actively rejecting instead of dropping.
anyways, WTF 'stealth' ? ports are SUPPOSED to return "NAK" ... IMHO, 'stealth' is complete and total BS, dropping request packets does nothing useful.
You don't think it helps to push scanning goons on to some other server? Or to prevent any sort of attack? It seems logical to me that dropping is less work for the box than doing anything else. (?)
Miark
Miark wrote:
On Thu, 22 Nov 2007 00:47:08 -0800, John wrote:
Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
that GRC port scanner is not something I'd rely on. use a shell account somewhere, and nmap to portscan yourself.
I did that, too. 631 is actively rejecting instead of dropping.
anyways, WTF 'stealth' ? ports are SUPPOSED to return "NAK" ... IMHO, 'stealth' is complete and total BS, dropping request packets does nothing useful.
You don't think it helps to push scanning goons on to some other server?
If I attack your machine, whether a port discards packets or sends me an RST is more or less irrelevant: this is a port I won't use, I'll go try the next one.
A honeypot is more efficient (against the attack). You can also use "recent" to blocklist scanners.
Or to prevent any sort of attack?
Well, it's a kind of security by obscurity, so there are tradeoffs. You possibly make it hard for miscreants (for script kiddies really, not for "professional miscreants"), but you certainly make it hard for honest people. Connection troubleshooting becomes hard or even impossible.
While I am at it, some people block all ICMP traffic. I personally consider such hosts as disconnected and their IPs as hijacked (subject to blocklisting).
It seems logical to me that dropping is less work for the box than doing anything else. (?)
If you return an RST, the client stops. If you drop, the client will retransmit. So you get more traffic (you send less, but you receive more). The difference is, however, ridiculous.
On Thu, 2007-11-22 at 02:48 -0500, Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
The cups service opens port 631, regardless of your firewall settings. It then manually accepts or rejects connections.
Ignacio Vazquez-Abrams wrote:
On Thu, 2007-11-22 at 02:48 -0500, Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
The cups service opens port 631, regardless of your firewall settings. It then manually accepts or rejects connections.
Yes but the firewall does affect whether packets can reach the cups service or not.
On Fri, 2007-11-23 at 10:17 +0800, Christopher Chan wrote:
Ignacio Vazquez-Abrams wrote:
On Thu, 2007-11-22 at 02:48 -0500, Miark wrote:
I have the firewall turned on on my CentOS 5 box, but GRC is reporting that 631 is closed instead of stealthed. If the firewall isn't configured to allow that, then why might that be happening?
The cups service opens port 631, regardless of your firewall settings. It then manually accepts or rejects connections.
Yes but the firewall does affect whether packets can reach the cups service or not.
Huh, they finally removed the commands in the cups initscript that punched a hole in the firewall. Never mind then.