From: Andrew Gaffney <agaffney@gentoo.org>
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] how to stop tracing
Date: Wed, 16 Jan 2008 06:44:47 -0600
Message-ID: <478DFC3F.5040308@gentoo.org>
In-Reply-To: <cb9528810801160436i24a516e8ke29ec1cdb8bfbf86@mail.gmail.com>
widyachacra wrote:
> Dear List friends,
>
> When I scan my own domain from an outside host using the 'nmap' tool, it
> shows the following results. How do I block this kind of tracing using
> Linux? Please help me.
You don't. There's no difference between a scanner connecting to a particular
port to determine if something is listening on it and a legitimate user connecting
to that port in order to use that service. However, there are various ways to
slow it down.
The "easiest" method is to just use -P DROP on your INPUT chain in iptables,
which causes iptables to simply drop any incoming packets that aren't explicitly
allowed, which means that the person on the other end has to wait for the TCP
timeout for each packet sent instead of immediately getting a "there's nothing
here" response.
Another way is with iptables's limit module. It allows you to only allow a
certain number of new connection attempts (or any other kind of packet) from a
certain host (or group of hosts) within a certain time period. This will have a
similar effect to the previous method.
The only truly effective way (that I'm aware of) to prevent these port scans is
to have no ports open to scan.
--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
--
gentoo-server@lists.gentoo.org mailing list
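As an added example, not part of Andrew's message or anything else on the page: a small script that emits an iptables ruleset implementing both mitigations he describes, a default DROP policy on INPUT and a per-source rate limit on new connection attempts. It uses the hashlimit match (the per-source-address variant of the limit match he mentions); the allowed ports and the rate values are illustrative assumptions.

```shell
#!/bin/sh
# Print an iptables ruleset that applies the two mitigations from the reply:
#   1. a default DROP policy on INPUT, so probes to closed ports get no
#      RST/ICMP answer and the scanner has to wait for its own timeout;
#   2. a per-source rate limit on new TCP connection attempts.
# Commands are printed rather than executed so they can be reviewed first;
# pipe the output into `sh` as root to apply them.
# Assumptions (not from the original message): the port list passed in and
# the 10/minute, burst 20 values are illustrative.

# build_rules PORT... -> prints one iptables command per line
build_rules() {
    # Start from a clean INPUT chain.
    echo "iptables -F INPUT"
    # Loopback and replies to connections this host initiated are always fine.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Per-source limit on new connection attempts (TCP SYN). hashlimit keeps a
    # counter per source IP; a source exceeding 10 new connections per minute
    # (after a burst of 20) has its further SYNs dropped here.
    echo "iptables -A INPUT -p tcp --syn -m hashlimit --hashlimit-name newconn --hashlimit-mode srcip --hashlimit-above 10/minute --hashlimit-burst 20 -j DROP"
    # Explicitly allowed services, one rule per port.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port --syn -j ACCEPT"
    done
    # Everything not matched above is silently dropped.
    echo "iptables -P INPUT DROP"
}

# count_rules PORT... -> number of iptables commands that would be emitted
count_rules() { build_rules "$@" | grep -c '^iptables'; }

build_rules 22 80
```

Run with the ports the host actually serves as arguments; the output is meant to be read before it is applied.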