[NCLUG] Closing ports

J. Paul Reed preed at sigkill.com
Mon Apr 23 13:46:32 MDT 2001


On Mon, 23 Apr 2001, Michael Dwyer wrote:

> Ummm. No.  The kernel listens to ICMP traffic, but doesn't open TCP or
> UDP ports on its own.  These low ranges are actually handled internally
> by the inetd.  Echo returns whatever you send it.  Chargen spews a
> printer-test pattern of characters when you connect to it.  Useful for
> testing at one time, but consider what happens if you spoof some
> addresses -- connect someone's chargen port to someone else's echo port.
> No bandwidth for you!  Because of that, they are usually commented out.

Really? I thought those services were generated by the kernel... I stand
corrected.

I always thought it was a cool trick to connect chargen and echo...

> ipchains are great, but I think you should always look into the source of
> the problem when you can.  eg, instead of firewalling the portmapper, why
> not just turn the portmapper off?  ESPECIALLY with the portmapper.  If
> you block the portmapper, all you have done is hidden the phone book.
> All your other RPC services are still running somewhere, it just becomes
> more difficult to find them.

Oh, I do both... I was just saying that if you really want to be paranoid
(and confuse the really newbie script kiddies), remove/turn off the
service AND use ipchains to firewall it... it does offer you another level
of protection, and they've done some really cool stuff in 2.4 with
Netfilter in regards to how you can tell your kernel to sling packets
around...

Later,
Paul
  ----------------------------------------------------------------------
  J. Paul Reed                preed at sigkill.com || web.sigkill.com/preed
  Homer no function beer well without.  -- H. Simpson, "The Joy of Sect"
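
As an added example, not part of the original thread or of either poster's
words: a small POSIX shell audit that applies the advice above to an
inetd.conf.  It lists the "small services" (echo, chargen, discard, daytime,
time) that inetd still answers internally, and the RPC services that would be
registered with the portmapper, so you can see what is actually turned off
versus only firewalled.  The two configuration texts are constructed samples
in the classic inetd.conf layout (service, socket type, protocol,
wait/nowait, user, server program, arguments); the function names are this
example's own.

```shell
#!/bin/sh
# Added example, not from the original thread.  Audits an inetd.conf for
# kernel-free "small services" (served by inetd itself, field 6 = internal)
# and for RPC services (protocol field begins with "rpc/").

# Constructed sample: the unhardened state, small services and an RPC
# service still active.
WEAK_INETD_CONF='# /etc/inetd.conf (constructed sample, weak)
echo        stream  tcp     nowait  root    internal
echo        dgram   udp     wait    root    internal
chargen     stream  tcp     nowait  root    internal
chargen     dgram   udp     wait    root    internal
daytime     stream  tcp     nowait  root    internal
discard     stream  tcp     nowait  root    internal
#telnet     stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
ftp         stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
rstatd/1-3  dgram   rpc/udp wait    root    /usr/sbin/tcpd  rpc.rstatd
'

# Constructed sample: the same file after turning the services off at the
# source.  A firewall rule on top of this is extra protection; commenting
# the lines out is what removes the listener (and the portmapper entry).
HARDENED_INETD_CONF='# /etc/inetd.conf (constructed sample, hardened)
#echo        stream  tcp     nowait  root    internal
#echo        dgram   udp     wait    root    internal
#chargen     stream  tcp     nowait  root    internal
#chargen     dgram   udp     wait    root    internal
#daytime     stream  tcp     nowait  root    internal
#discard     stream  tcp     nowait  root    internal
#telnet      stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
ftp         stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#rstatd/1-3  dgram   rpc/udp wait    root    /usr/sbin/tcpd  rpc.rstatd
'

# Print "service protocol" for every uncommented small service that inetd
# serves internally, one per line.  $1 is the inetd.conf text.
active_small_services() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        $6 == "internal" && $1 ~ /^(echo|chargen|discard|daytime|time)$/ {
            print $1, $3
        }
    '
}

# Print the name of every uncommented RPC service (these are what the
# portmapper advertises; hiding the portmapper does not stop them).
active_rpc_services() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        $3 ~ /^rpc\// { print $1 }
    '
}

# Stand-alone usage: report what the weak file still exposes.
echo "Small services active in the weak inetd.conf:"
active_small_services "$WEAK_INETD_CONF"
echo "RPC services active in the weak inetd.conf:"
active_rpc_services "$WEAK_INETD_CONF"
echo "Small services active after hardening: $(active_small_services "$HARDENED_INETD_CONF" | wc -l | tr -d ' ')"
```

Run it against your real file with `active_small_services "$(cat /etc/inetd.conf)"`;
anything it prints is a listener a firewall rule would only be hiding.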