Security Incidents mailing list archives

Re: Anti-Death Penalty


From: dimitry () KIEV SOVAM COM (Dmitry Alyabyev)
Date: Tue, 1 Feb 2000 10:08:51 +0200


hi

Saturday, January 29, 2000, 1:54:34 AM, Derek Moeller wrote:

> On Wed, Jan 26, 2000 at 03:25:00PM -0800, Robert Graham wrote:
>> Note: If you are running a personal firewall, what you'd see is a connection
>> attempt against TCP ports 80 and 119. Apparently, they aren't looking for
>> anything else at this time (like SOCKS at port 1080, squid at 3128, or
>> anything else).
>
> Here's my question: what if you set up a firewall rule to send a RST to
> any port 80 (or 119) connection attempts made by their scanning
> machine(s)? This would simulate a closed port. Are there any methods
> available to combat this kind of trickiness?

Yes, use ipfilter.
You can use both methods - send a RST to the caller or not (better, as
in the case of power off).
In Solaris you can change the length of the queue of incoming connections to
prevent your server from being put down by the sniffer.


--
Best rgds,                      Dimitry

System administrator            nic-hdl: DYA7-RIPE
SOVAM TELEPORT, Kiev, Ukraine   http://www.al.org.ua
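
The two ipfilter behaviours mentioned in the reply above, written out as ipf.conf rules. This is an added example, not part of the original message; the interface name `hme0` and the scanner address `192.0.2.10` (a documentation-range placeholder) are assumptions to be replaced with local values.

```conf
# ipf.conf fragment (added example; hme0 and 192.0.2.10 are placeholders)
#
# Option A: answer the scanner's connection attempts with a TCP RST.
# To the scanner, ports 80 and 119 look closed, as the question proposed.
# "log" records each attempt so ipmon can show how often the scan returns.
block return-rst in log quick on hme0 proto tcp from 192.0.2.10/32 to any port = 80
block return-rst in log quick on hme0 proto tcp from 192.0.2.10/32 to any port = 119

# Option B: drop the packets and send nothing back. The scanner only sees
# a timeout, the same as probing a host that is powered off. To use this
# instead, comment out Option A and enable the two rules below; with
# "quick", the first matching rule decides, so only one option can apply.
# block in log quick on hme0 proto tcp from 192.0.2.10/32 to any port = 80
# block in log quick on hme0 proto tcp from 192.0.2.10/32 to any port = 119

# All other traffic is left to the rest of the rule set.
```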


