Re: Open ports on FC2


 



On Sat, 24.07.2004 at 22:20, Jorge Fábregas wrote:

> It didn't say that those ports were open. It probably means that he has some 
> ACL (access control list) on the server, thru inetd, xinetd or the daemons 
> themselves...and when someone attempts these ports on his machine you're just 
> denied access (but that's the problem: you know they are there!).  That's the 
> main difference between REJECT and DROP when you use  iptables. With DROP the 
> port scanner will not receive a response back. With REJECT you'll get a 
> response back.  You should avoid REJECT...and always use DROP (it's way 
> better..as you're completely STEALTH).  The only reason for using REJECT 
> (that I can think of) is for trouble-shooting purposes.

No, DROP is some kind of "a-social" as it causes timeout delays even for
users with legitimate interests on connecting services. And you won't
get any security improvements by using DROP instead of REJECT.

But I don't want to restart a discussion about that topic in special
again. We had this some months ago.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 22:27:12 up 2 days, 7:15, load average: 0.09, 0.08, 0.05 

Attachment: signature.asc
Description: This is a digitally signed message part
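
Added example, not part of the original message or thread: a small Python probe showing what a connecting client observes in the cases discussed above. An explicit refusal comes back at once, while a silently discarded packet makes the client wait out its whole timeout. The names `probe` and `demo` and the loopback setup are constructed for illustration.

```python
import errno
import socket
import time


def probe(host, port, timeout=2.0):
    """Attempt one TCP connect; return (verdict, seconds_waited)."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        verdict = "open"
    except socket.timeout:
        # Nothing came back before the deadline: what a client sees when
        # its SYN is silently discarded (DROP).
        verdict = "no-reply"
    except ConnectionRefusedError:
        # An explicit refusal arrived: a closed port, or a REJECT rule
        # answering with a TCP reset or ICMP port-unreachable.
        verdict = "refused"
    except OSError as exc:
        # Other ICMP errors (host/network unreachable and similar).
        verdict = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()
    return verdict, time.monotonic() - start


def demo():
    # Constructed local setup: one listening socket on loopback.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    open_result = probe("127.0.0.1", port)
    srv.close()
    # Same port with nothing listening: the kernel answers with a reset.
    closed_result = probe("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for verdict, waited in demo():
        print(f"{verdict:10s} answered after {waited:.3f}s")
```

Run against a port on your own host behind a DROP rule, `probe` returns `no-reply` only after the full `timeout` has elapsed.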

