
Re: How do I change my firewall ports to stealth mode?

On Sep 28, 2004, at 2:13 AM, Siju George wrote:

> I changed the block-policy from return to drop. Now my ports except
> 113 are showing up as stealthed while testing from
>
> The Port 113 was opened because the PF FAQ asked to open it for SMTP
>
> "Auth/Ident (TCP port 113): used by some services such as SMTP and IRC.
> ICMP Echo Requests: the ICMP packet type used by ping(8)."

Now ask yourself: what's the point of dropping packets ("woo, I'm in stealth mode, woo..."), when a simple 1-1024 portscan will reveal you thanks to port 113 accepting connections (or sending resets, not sure if your identd is actually running)? Why wouldn't you rather just deny all and avoid behaving like a doof?

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net