Full Disclosure mailing list archives

Re: closing ports

From: hena <hena () hack fi>
Date: Fri, 07 Nov 2003 15:30:56 +0200

Hi.

if your running linux try something like
iptables -t filter -A INPUT -p tcp -s 0.0.0.0 --syn -j REJECT
--reject-with tcp-reset

this way you get ALL the ports closed, even the local range ports and
still have a working connection, then open the ones you need to have
open. The --syn flag drops all packets that have syn bit enabled and 
ack bit not(these are the connection initiation packets).


On Fri, 2003-11-07 at 09:50, Christ-Henning Ljosheim wrote:

 
Hi 
I am new in this group (from Norway)
Do you have any tips for which ports I should close to held my network
clean for intruders ?
I've closed port 1214 and 6881 to 6889 . Anyone else I should close ?
 
Chris


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

closing ports Christ-Henning Ljosheim (Nov 07)
- Re: closing ports Charles E. Hill (Nov 07)
- Re: closing ports Valdis . Kletnieks (Nov 07)
- Re: closing ports hena (Nov 07)
  - Re: closing ports Valdis . Kletnieks (Nov 07)
- Re: closing ports Blue Boar (Nov 07)
- <Possible follow-ups>
- Re: closing ports marko (Nov 07)
- RE: closing ports Anjan Dave (Nov 07)