Open ports on FC2
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Sat Jul 24 20:30:30 UTC 2004
On Sat, 24.07.2004 at 22:20, Jorge Fábregas wrote:
> It didn't say that those ports were open. It probably means that he has some
> ACL (access control list) on the server, thru inetd, xinetd or the daemons
> themselves...and when someone attempts these ports on his machine you're just
> denied access (but that's the problem: you know they are there!). That's the
> main difference between REJECT and DROP when you use iptables. With DROP the
> port scanner will not receive a response back. With REJECT you'll get a
> response back. You should avoid REJECT...and always use DROP (it's way
> better..as you're completely STEALTH). The only reason for using REJECT
> (that I can think of) is for trouble-shooting purposes.
No, DROP is kind of "a-social", as it causes timeout delays even for
users with a legitimate interest in connecting to services. And you won't
get any security improvement by using DROP instead of REJECT.
But I don't want to restart a discussion about that particular topic
again. We had this some months ago.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp
Serendipity 22:27:12 up 2 days, 7:15, load average: 0.09, 0.08, 0.05
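
The difference argued about in this thread, seen from the connecting client, as an added example that is not part of the original message: a refused connection fails at once, while a silently dropped one makes the caller wait out the full timeout. The function names and the loopback targets are constructed for illustration; a closed loopback port stands in for a REJECT rule that answers with a TCP reset.

```python
import errno
import socket
import time


def classify(exc):
    """Map the result of one TCP connect attempt to what the client observed."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "rejected"      # an answer came back (RST or ICMP port-unreachable)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no-response"   # nothing came back before the deadline, as with DROP
    return "error:" + errno.errorcode.get(getattr(exc, "errno", None), "unknown")


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (verdict, seconds the caller had to wait)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:
        exc = e
    return classify(exc), time.monotonic() - start


def closed_local_port():
    """Constructed target: a loopback port with no listener behind it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    for label, port in (("listening", listener.getsockname()[1]),
                        ("closed", closed_local_port())):
        verdict, waited = probe("127.0.0.1", port)
        print(f"{label:10s} port {port}: {verdict} after {waited:.3f}s")
    listener.close()
```

Run against a service you administer that sits behind a DROP rule, `probe` returns `no-response` only after the whole `timeout` has elapsed, which is the delay a legitimate client would experience.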