UNWANTED state
Matteo Croce
3297627799 at wind.it
Wed Dec 29 23:58:15 CET 2004
Hi,
Some time ago I wanted to stealth my gateway, so I started dropping outgoing
icmp-port-unreachable packets, to avoid UDP scans.
But I also had a '--dport 113 -j REJECT' target to allow faster IRC logins,
which stopped working since those ICMPs were rejected by the new rule.
So I hacked the kernel with a patch I also attach, to prevent those packets
from being generated.
I also started dropping outgoing RST/ACK to prevent TCP scans, but now I have a
question:
can an UNWANTED state be useful?
I mean, incoming packets whose dstport is closed would be classified as UNWANTED.
So it would be possible to drop UNWANTED packets, and a port would be open when some
service listens on it and filtered (not closed) when the service doesn't
listen.
A simple firewall is having a DROP default policy and open used ports.
But what happens when the service listening behind that port stops listening?
The port remains not filtered, and sends RST/ACK (or icmp-port-unreachable)
when someone tries to connect to it.
Regards, Matteo
--
.""`. Matteo Croce <3297627799 at wind.it>
: :" : proud Debian admin and user
`. `"`
`- Debian - when you have better things to do than fix a system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: udp.diff
Type: text/x-diff
Size: 956 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041229/f47895ca/udp-0001.bin
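As an added illustration (a constructed model, not netfilter code and not the attached patch), the following Python simulates what a probe sees under the DROP-default ruleset described in the post versus the proposed UNWANTED state, including the REJECT reply for port 113 being swallowed by the outgoing icmp-port-unreachable drop; the rule sets, listener sets and reply names are assumptions.

```python
"""Constructed model of the firewall behaviour in the post, not netfilter code:
what a probe sees under a DROP-default ruleset versus the proposed UNWANTED
state, including REJECT replies being eaten by an OUTPUT-chain drop."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    proto: str   # "tcp" or "udp"
    dport: int

def stack_reply(p, listeners):
    """Reply the IP stack generates once the firewall lets a probe through."""
    if (p.proto, p.dport) in listeners:
        return "syn/ack" if p.proto == "tcp" else "udp-reply"
    return "rst/ack" if p.proto == "tcp" else "icmp-port-unreachable"

def output_filter(reply, dropped_outgoing):
    """OUTPUT chain: locally generated replies, REJECT's included, traverse
    it, so dropping RST or ICMP errors here silences them (the post's bug)."""
    return "silent" if reply in dropped_outgoing else reply

def drop_default(p, listeners, accepted, rejected, dropped_outgoing):
    """Post's ruleset: default DROP, ACCEPT for used ports, REJECT for 113."""
    key = (p.proto, p.dport)
    if key in rejected:
        reply = "icmp-port-unreachable"     # REJECT's default --reject-with
    elif key in accepted:
        reply = stack_reply(p, listeners)   # leaks RST/ICMP once service dies
    else:
        return "silent"
    return output_filter(reply, dropped_outgoing)

def unwanted_state(p, listeners, dropped_outgoing):
    """Proposed rule: no listener on the port -> UNWANTED -> DROP, so the port
    looks filtered whether or not it was ever opened in the ruleset."""
    if (p.proto, p.dport) not in listeners:
        return "silent"
    return output_filter(stack_reply(p, listeners), dropped_outgoing)

def scanner_view(reply):
    """How a port scanner would classify the reply it gets."""
    return {"syn/ack": "open", "udp-reply": "open",
            "silent": "filtered"}.get(reply, "closed")

if __name__ == "__main__":
    accepted, rejected = {("tcp", 80)}, {("tcp", 113)}
    for lst in ({("tcp", 80)}, set()):          # httpd alive, then crashed
        p = Probe("tcp", 80)
        print(scanner_view(drop_default(p, lst, accepted, rejected, set())),
              scanner_view(unwanted_state(p, lst, set())))
```

With the outgoing ICMP drop in place, the ident probe gets no reply under either policy, which is why the IRC login slowed down; without it the REJECT rule still answers quickly.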