[arch-general] Port 80 is shown open in port scan without any web server running

Partha Chowdhury partha at gmx.us
Wed Mar 30 12:16:18 EDT 2011


On 30/03/11 19:38, Thomas Bächler wrote:
>
> You cannot "hide" yourself on the internet. If you were offline, the
> next router would reply that your machine is unreachable. By not
> answering, you not only tell the "attacker" that you are online, you
> also tell him that you don't know shit about networking.
>
> Google it.
>
Thank you for clearing that up :-) I always believed that by remaining 
stealthy, my machine was hidden on the internet from prying eyes. I was 
so mistaken! :-[
>>> -A INPUT -j REJECT --reject-with icmp-proto-unreachable
>>
> This properly rejects packets to your IP that are neither ICMP nor TCP
> nor UDP.
>
Sorry, I confused packets with protocols. It basically says that no 
http, pop3, ftp or imap services are running on my machine and politely 
closes the connection instead of silently dropping it, right?
>>
> And how does that harm you? It is rejected, and the sender now knows
> that he is sending to the wrong destination (instead of continuously
> retrying, which he would probably do if you DROPped it).
>
It seems you were right. With my previous iptables configuration, I was 
getting thousands of unwanted packets from the same sources multiple times. 
After using your configuration, there is a very sharp decrease in 
unwanted packets.
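To make the REJECT versus DROP point concrete from the scanner's side, here is an added example (my own, not code from this thread or from Arch): a small Python model of how an nmap-style TCP SYN scan turns each kind of answer into a port state, how many probes it ends up sending, and what the answer says about whether the host is there at all. It goes a little beyond the thread by covering the other --reject-with variants too. The addresses, the target behaviours, the retry count and the Reply structure are assumptions, and every reply is constructed rather than captured traffic.

```python
"""Scanner-side view of REJECT vs DROP: an nmap-style SYN scan turns each
reply (or lack of one) into a port state. Added example; nothing here is
captured traffic and the target behaviours are assumptions."""

from dataclasses import dataclass
from typing import Callable, Optional

TARGET = "192.0.2.10"  # assumed target address (RFC 5737 documentation range)
ROUTER = "192.0.2.1"   # assumed last-hop router in front of the target


@dataclass
class Reply:
    src: str            # address the answer came from
    kind: str           # "synack", "rst" or "icmp"
    icmp_type: int = 0  # only meaningful when kind == "icmp"
    icmp_code: int = 0


# ICMP destination-unreachable codes a SYN scan reports as "filtered"
ICMP_UNREACH_FILTERED = {0, 1, 2, 3, 9, 10, 13}

Behaviour = Callable[[int], Optional[Reply]]


# Assumed target behaviours: what a SYN to the probed port gets back.
def listening(port: int) -> Optional[Reply]:          # a real service answers SYN/ACK
    return Reply(TARGET, "synack")


def closed_no_firewall(port: int) -> Optional[Reply]:  # kernel answers with RST
    return Reply(TARGET, "rst")


def reject_tcp_reset(port: int) -> Optional[Reply]:    # -j REJECT --reject-with tcp-reset
    return Reply(TARGET, "rst")


def reject_port_unreach(port: int) -> Optional[Reply]:  # -j REJECT (default reject-with)
    return Reply(TARGET, "icmp", 3, 3)


def reject_proto_unreach(port: int) -> Optional[Reply]:  # --reject-with icmp-proto-unreachable
    return Reply(TARGET, "icmp", 3, 2)


def drop(port: int) -> Optional[Reply]:               # -j DROP: silence
    return None


def host_offline(port: int) -> Optional[Reply]:       # the router answers for a dead host
    return Reply(ROUTER, "icmp", 3, 1)


def classify_tcp(reply: Optional[Reply]) -> str:
    """Port state for one SYN probe, using the nmap conventions."""
    if reply is None:
        return "filtered"  # silence: a firewall and packet loss look the same
    if reply.kind == "synack":
        return "open"
    if reply.kind == "rst":
        return "closed"
    if (reply.kind == "icmp" and reply.icmp_type == 3
            and reply.icmp_code in ICMP_UNREACH_FILTERED):
        return "filtered"  # an explicit ICMP error, but still not "closed"
    return "unknown"


def syn_probe(behaviour: Behaviour, port: int, retries: int = 3):
    """Send a SYN and retransmit while nothing comes back.

    Returns (state, packets_sent, last_reply). The packet count is the point:
    a DROPped probe is retransmitted, a REJECTed one is answered on the first try.
    """
    sent = 0
    reply = None
    while sent <= retries:          # one probe plus `retries` retransmissions
        sent += 1
        reply = behaviour(port)
        if reply is not None:
            break
    return classify_tcp(reply), sent, reply


def host_state(reply: Optional[Reply]) -> str:
    """What a single probe says about the host itself (the reasoning in the thread)."""
    if reply is not None and reply.src == TARGET:
        return "up"            # any answer from the address proves something is there
    if reply is not None and reply.icmp_type == 3 and reply.icmp_code in (0, 1):
        return "down"          # net/host unreachable from another hop: nobody home
    return "up, dropping"      # silence with no router complaint: a firewall ate it


if __name__ == "__main__":
    cases = [("listening", listening), ("closed, no firewall", closed_no_firewall),
             ("REJECT tcp-reset", reject_tcp_reset),
             ("REJECT port-unreachable", reject_port_unreach),
             ("REJECT proto-unreachable", reject_proto_unreach),
             ("DROP", drop), ("host offline", host_offline)]
    for name, behaviour in cases:
        state, sent, reply = syn_probe(behaviour, 80)
        print(f"{name:26} 80/tcp {state:9} sent: {sent}  host: {host_state(reply)}")
```

Two things the table makes visible that the thread only hints at: the DROP row is the only one that costs the scanner retransmissions, which is where the "thousands of unwanted packets" came from, and only an RST makes a TCP port read as "closed", so a host that wants to look like it simply has no service on a port answers TCP with tcp-reset; the ICMP unreachable variants read as "filtered", which still advertises a firewall.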