From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JFEXa-00027m-8u for garchives@archives.gentoo.org; Wed, 16 Jan 2008 20:07:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 64643E09F7; Wed, 16 Jan 2008 20:06:01 +0000 (UTC) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by pigeon.gentoo.org (Postfix) with ESMTP id 265A6E09F5 for ; Wed, 16 Jan 2008 20:06:01 +0000 (UTC) Received: by ug-out-1314.google.com with SMTP id j3so264708ugf.49 for ; Wed, 16 Jan 2008 12:06:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:date:subject:content-type:x-priority:x-mailer:mime-version:message-id; bh=m6BXRqlj+LiazWahLNL6GLlc4BtOzPy+sedb9Q3jxas=; b=oVzTGcMLVK3fjq8/UDLJv9QFaGCU5PjovIqb184YTa4wLJsiYVbqeJqX/NS9ifqfw9HG45734iP/A98rBBd8FBrJuZ+VVWXlkMw02WqWfBs39kVG4H/nUXWwZ+bbNiKH6z2LZ+LYJKqL8ziODqshlxxcesQ06iitfeOYZjHvYKY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:date:subject:content-type:x-priority:x-mailer:mime-version:message-id; b=USPt03lopMBNfMGE2nQcingPKU9g+pnnmZV9OBZ6lH8bGmiuijIkuRd200ZlXB2mUe6/3tMgNw3uiCkUfsVFZ1Pv6ALsgvYdqt81gFKHkXUVKOAOSbZlNhTjgMa/+fn/cNoFJGjZ37lcjaOKMBy3cGoV9shHytmmkdp3L8wpyQU= Received: by 10.66.254.19 with SMTP id b19mr2509870ugi.7.1200513960188; Wed, 16 Jan 2008 12:06:00 -0800 (PST) Received: from Moto-A760 ( [149.254.200.218]) by mx.google.com with ESMTPS id 6sm2125295ugc.60.2008.01.16.12.05.52 (version=SSLv3 cipher=OTHER); Wed, 16 Jan 2008 12:05:58 -0800 (PST) From: "Tom Grace" To: gentoo-server@lists.gentoo.org Date: Wed, 16 Jan 2008 20:05:11 +0000 Subject: RE: [gentoo-server] how to stop tracing Content-Type: text/plain; charset=us-ascii X-Priority: 3 X-Mailer: Moto-EZX Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org Mime-Version: 1.0 Message-ID: <478e63a6.0603420a.57f1.15c9@mx.google.com> X-Archives-Salt: 013a7069-99f5-4323-8c35-b74097d148d4 X-Archives-Hash: c02f14de24ed15028c833141ec7392bb Hello, you could also investigate psad the port scan attack detector. Afaik it will do dynamic firewall configuration. You could block connections from those scanning you. L8r, tom ---Original Email--- From:Lindsay Haisley Date:16/01/2008 18:41 To:gentoo-server@lists.gentoo.org Subject: Re: [gentoo-server] how to stop tracing Probably the most security-critical information here is version information. You can often configure daemons such as the apache server to hide version information. See, for instance: www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html nmap also, I think, does some fairly intelligent analysis of connection announcements from servers and compares small details in these against the responses of known software packages and versions of same. Courier pop3d, for instance, doesn't announce that it's the Courier POP3 daemon when one connects to port 110, but nmap figures this out just the same. Otherwise, as Andrew says, you're going to have to live with a certain amount of exposure by virtue of the fact that you're running servers. Keep up with security updates and don't do anything silly with your configurations! On Wed, 2008-01-16 at 18:06 +0530, widyachacra wrote: > Dear List friends, > > When i scan my own domain from an out side host using 'nmap' tool it > shows following results. How do i block this kind of tracing using > linux. Please help me. > > nmap tracing result, > > PORT STATE SERVICE VERSION > 25/tcp open smtp netqmail smtpd 1.04 > 53/tcp open domain > 80/tcp open http Apache httpd 2.2.6 ((Gentoo)) > 110/tcp open pop3 Courier pop3d > 119/tcp open ssh OpenSSH 4.7 (protocol 2.0) > 209/tcp open tam? > 443/tcp open http Apache httpd 2.2.6 ((Gentoo)) > 628/tcp open tcpwrapped > 993/tcp open ssl/imap Courier Imapd (released 2005) > 995/tcp open ssl/pop3 Courier pop3d > > > -- > --- > > - Widyachacra Rajapaksha - > > * Lots of people make the mistake of thinking that Microsoft is a > software company. That's wrong. Microsoft is an abuse company that > uses software as a method of delivering abuse. > > * Never let a woman know that YOU are interested in her. > Love is a wish that hides in your heart, and nobody knows about it but > YOU > Reply With Quote -- gentoo-server@lists.gentoo.org mailing list -- gentoo-server@lists.gentoo.org mailing list