This is a discussion on Re: ftp and portscans within the IPFilter forums, part of the System Security and Security Related category.
> Sorry, I am using ipnat. The two major domains I'd like to allow ftp to
> my machine are earthlink.net and woh.rr.com; everything else should get an
> rst response.

You'll have to look up the net blocks for those domains, and use rules something like

    block in return-rst on <interface> proto tcp from any to <address> \
        flags S/SA
    block in on <interface> proto tcp from any to any
    pass in on <interface> proto tcp from <net block> to <address> \
        port = 21 flags S/SA keep state

(There are lots of ways to write rules achieving the same effect.)

Note that giving the "earthlink.net" domain access to your FTP port allows connections (and port scans) from, oh, several hundred thousand addresses.

> Is there other techniques I can employ to negate the effect of a
> portscan?

Don't sweat port scans. If your system is secure, they can't hurt you. (In other words, don't rely on packet filtering alone for network security. Make sure the software you use for any network services has no known vulnerabilities, and that it's configured properly.)

David S.
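An added example (editor's code, not from the post above or from IPFilter): a small evaluator that walks a rule set the way ipf does without `quick`, where the last matching rule decides the packet's fate, so you can check before loading a ruleset which source addresses get a RST, a silent drop, or a pass to port 21. The net blocks, the protected address and the rule ordering are the editor's own constructed assumptions; the real net blocks for the domains in question still have to be looked up.

```python
import ipaddress

# Constructed stand-in net blocks and protected address (RFC 5737 ranges);
# the real <net block> values for the domains are not on the page.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("203.0.113.0/25")]
MY_ADDR = ipaddress.ip_address("198.51.100.10")  # stands in for <address>

SYN, ACK = 0x02, 0x10  # TCP flag bits; "S/SA" means (SYN set, mask SYN|ACK)

def rule(action, src=None, dst=None, port=None, flags=None):
    """One 'in' rule; None means 'any'. flags is a (set_bits, mask) pair."""
    return {"action": action, "src": src, "dst": dst, "port": port, "flags": flags}

# Editor's ordering: without 'quick', ipf applies the LAST matching rule, so
# the general silent block goes first and the more specific rules after it.
RULES = [
    rule("block"),                                                  # drop anything
    rule("block return-rst", dst=MY_ADDR, flags=(SYN, SYN | ACK)),  # RST new SYNs
] + [rule("pass keep state", src=net, dst=MY_ADDR, port=21, flags=(SYN, SYN | ACK))
     for net in ALLOWED_NETS]                                       # FTP from allowed nets

def matches(r, src, dst, port, flags):
    """True if the packet (src, dst, dst port, TCP flags) satisfies every field of r."""
    if r["src"] is not None and ipaddress.ip_address(src) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(dst) != r["dst"]:
        return False
    if r["port"] is not None and port != r["port"]:
        return False
    if r["flags"] is not None:
        want, mask = r["flags"]
        if (flags & mask) != want:
            return False
    return True

def verdict(src, dst, port, flags):
    """Action of the last matching rule; ipf passes packets no rule matches."""
    action = "pass"
    for r in RULES:
        if matches(r, src, dst, port, flags):
            action = r["action"]
    return action

if __name__ == "__main__":
    print(verdict("192.0.2.5", str(MY_ADDR), 21, SYN))       # pass keep state
    print(verdict("198.51.100.77", str(MY_ADDR), 21, SYN))   # block return-rst
    print(verdict("198.51.100.77", str(MY_ADDR), 21, ACK))   # block (silent)
```

A SYN from an allowed net to any port other than 21 also ends at the `block return-rst` rule, which is the "everything else gets an rst" behaviour asked for; a stray ACK (the kind a scanner sends to map filter rules) gets the silent drop.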