UNWANTED state

Matteo Croce 3297627799 at wind.it
Wed Dec 29 23:58:15 CET 2004


Hi,
Some time ago I wanted to stealth my gateway, so I started dropping outgoing
icmp-port-unreachable packets, to avoid UDP scans.
But I also had a '--dport 113 -j REJECT' target to allow faster IRC logins,
which stopped working since those ICMPs were rejected by the new rule.
So I hacked the kernel with a patch I also attach, to prevent those packets
from being generated.
I also started dropping outgoing RST/ACK to prevent TCP scans, but now I have a
question:
can an UNWANTED state be useful?
I mean, incoming packets whose dstport is closed would be classified as UNWANTED.
So it would be possible to drop UNWANTED packets, and a port would be open when
some service listens on it and filtered (not closed) when no service
listens.
A simple firewall has a DROP default policy and opens the used ports.
But what happens when the service listening behind that port stops listening?
The port remains unfiltered, and sends RST/ACK (or icmp-port-unreachable)
when someone tries to connect to it.

Regards, Matteo

-- 
  .""`.     Matteo Croce <3297627799 at wind.it>
 : :"  :    proud Debian admin and user
 `. `"`
   `-  Debian - when you have better things to do than fix a system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: udp.diff
Type: text/x-diff
Size: 956 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041229/f47895ca/udp-0001.bin
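The ruleset the message describes, as an added example that is not part of the original post and is not the attached kernel patch: a DROP default policy on INPUT with the used ports opened, a REJECT on port 113 so IRC servers get an immediate identd failure, and outgoing RST and ICMP port-unreachable dropped on the Internet-facing interface so that a port whose service has stopped listening shows up as filtered rather than closed. The interface name eth0 and the open ports 22 and 80 are assumptions; the script is written in iptables-restore format and only prints the rules unless given --apply. Because a blanket drop of outgoing RSTs would also swallow the RST that the REJECT target generates (the conflict the post describes), this example uses `--reject-with tcp-reset` and exempts RSTs with source port 113 before the blanket drop; that exemption is this example's workaround, not anything the post proposes.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal "stealth gateway"
# ruleset in iptables-restore format. Assumptions: eth0 faces the Internet
# and the host legitimately listens on TCP 22 and 80.
WAN_IF="${WAN_IF:-eth0}"
OPEN_TCP="${OPEN_TCP:-22 80}"

gen_rules() {
    # Default DROP on INPUT: anything without a rule is filtered, not closed.
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'

    # Only the ports a service is expected to listen on are opened.
    for p in $OPEN_TCP; do
        printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done

    # identd: answer with a RST at once so IRC servers do not wait for a timeout.
    printf '%s\n' "-A INPUT -i $WAN_IF -p tcp --dport 113 -j REJECT --reject-with tcp-reset"

    # Let the RST generated by the REJECT above (source port 113) leave,
    # then drop every other outgoing RST so closed TCP ports look filtered.
    # This ordering is the workaround for the REJECT/DROP conflict; it is an
    # assumption of this example, not something the post describes.
    printf '%s\n' "-A OUTPUT -o $WAN_IF -p tcp --sport 113 --tcp-flags RST RST -j ACCEPT"
    printf '%s\n' "-A OUTPUT -o $WAN_IF -p tcp --tcp-flags RST RST -j DROP"

    # Same idea for UDP: no ICMP port-unreachable leaves the box, so a UDP
    # probe to a port with no listener gets no answer at all.
    printf '%s\n' "-A OUTPUT -o $WAN_IF -p icmp --icmp-type port-unreachable -j DROP"
    printf '%s\n' 'COMMIT'
}

# Count the OUTPUT rules that suppress closed-port replies; a quick self-check
# that both the TCP and the UDP side of the scheme are present.
count_stealth_rules() {
    gen_rules | grep -c -e '--tcp-flags RST RST -j DROP' -e 'port-unreachable -j DROP'
}

case "${1:-}" in
    --apply) gen_rules | iptables-restore ;;
    *)       gen_rules ;;
esac
```

Two caveats for anyone using this: the blanket RST drop also discards RSTs the host sends for its own client connections (e.g. when aborting a half-open connection), which the original author accepted as the price of looking filtered; and since the OUTPUT chain is where kernel-generated replies are intercepted, any later REJECT rule on another port needs the same kind of exemption.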