nmap is a *unix-based scanner, correct?
Is it possible to hide which servers (ports) are open on the target server that nmap is scanning?
If some ports are filtered in iptables, then when the server is scanned using the nmap command, it is going to show port 80 filtered, etc.
So, is there a way (I am asking twice, I know, because I am not sure if you understand me) to block or hide active servers\services\ports on the target server using just iptables?
The target server is unable to determine who connects to the ports: a scanner or a valid client.
Moreover, nmap has A LOT of special silent scanning modes.
But it is not really necessary to hide ports.
If you do not want to show service ports to the public, just do not show them! For example, you can allow connections to private ports for a certain IP range only. Or you can use an SSH tunnel to connect to services through the firewall.
Instead of filtering the ports with just "-j REJECT" or "-j DROP", use "-j REJECT --reject-with tcp-reset".
If you just use "-j DROP", then nmap will attempt several connections before giving up, labeling the port as filtered.
If you just use "-j REJECT", the server will send back an ICMP port unreachable packet, and nmap will also show that as filtered.
If you use "-j REJECT --reject-with tcp-reset", nmap will see the rst packet and show the port as being closed.
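An added example, not from the thread, tying the replies above together: it reads a constructed iptables-save style ruleset and predicts the state an nmap TCP scan from outside would report for each port, following the DROP / REJECT / tcp-reset behaviour described. The sample rules, the function names, and the simplification that source- or interface-scoped rules never match an outside scanner are assumptions.

```python
import shlex

# Constructed sample in iptables-save syntax (not taken from the thread).
SAMPLE_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j DROP
-A INPUT -p tcp --dport 8080 -j REJECT
-A INPUT -p tcp --dport 5432 -j REJECT --reject-with tcp-reset
"""

def parse_opts(tokens):
    """Collect '-x value' / '--long value' pairs from one rule line."""
    opts, i = {}, 0
    while i < len(tokens) - 1:
        if tokens[i].startswith("-"):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts

def predicted_state(target, reject_with=None):
    """State nmap reports for a port, per the behaviour described in the thread."""
    if target == "ACCEPT":
        return "open"      # only if a service listens; otherwise the kernel's RST reads as closed
    if target == "DROP":
        return "filtered"  # no reply at all; nmap retries, then gives up
    if target == "REJECT":
        # Bare REJECT sends ICMP port unreachable, which nmap also calls filtered.
        return "closed" if reject_with == "tcp-reset" else "filtered"
    return "unknown"

def audit(rules_text):
    """Return {port: state} as seen by an outside scanner; first matching rule wins."""
    states = {}
    for line in rules_text.splitlines():
        opts = parse_opts(shlex.split(line))
        port = opts.get("--dport", "")
        if opts.get("-A") != "INPUT" or opts.get("-p") != "tcp" or not port.isdigit():
            continue
        if "-s" in opts or "-i" in opts:
            continue  # assumption: source/interface-scoped rules never match an outside scanner
        states.setdefault(int(port), predicted_state(opts.get("-j"), opts.get("--reject-with")))
    return states

if __name__ == "__main__":
    for port, state in sorted(audit(SAMPLE_RULES).items()):
        print(f"{port}/tcp {state}")
```

Port 3306 in the sample is reachable only from localhost, so from outside it falls through to the DROP rule and reads as filtered.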
Thank you, will try that.
Um, I was thinking something...
Is it safe (good enough) to have ports filtered?
They are only allowed to be accessed from localhost; from outside it's filtered (blocked).