02-08-2002
Well, the best installation would be to have a separate firewall box upstream from your server (cool graphics to follow):
(internet) =====> (firewall) -------> (webserver)
If you don't have ports open, you can't attack them. That's as simple as it is. But it may be good just to keep people from scanning and probing the box.
Also, you can set it up to help protect from becoming the man in the middle of an attack; i.e. someone magically roots your box through an insecure CGI script and manages to open a remote shell on a high port. Now if you had a firewall, they still couldn't get in to use the shell they uploaded for you. But also, say they begin using your box to jump to others - not good...
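An added example, not part of the original post: a ruleset for the separate firewall box in the diagram above, written as `iptables-restore` input. It forwards only the published web port to the server, so a shell listening on a high port is unreachable, and it logs and drops connections the web server itself tries to start. The interface names (`eth0`, `eth1`), the server address `192.0.2.10` and the port list are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the upstream firewall.
# Usage: firewall_rules WAN_IF DMZ_IF WEB_IP PORT...
# All argument values used below are assumed, not taken from the post.
firewall_rules() {
    wan_if=$1; dmz_if=$2; web_ip=$3
    shift 3
    # Default-deny: anything not explicitly accepted below is dropped.
    # INPUT is closed too, so the firewall box is managed from its console.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Inbound: only new connections to the published ports reach the server.
    # A listener on any other port (e.g. a shell on a high port) gets nothing.
    for port in "$@"; do
        printf '%s\n' "-A FORWARD -i $wan_if -o $dmz_if -d $web_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound: the server may answer requests (ESTABLISHED rule above) but
    # may not start connections. Log the attempt, then the FORWARD policy
    # drops it. A hit on this rule is a sign the server is being misused.
    cat <<EOF
-A FORWARD -i $dmz_if -o $wan_if -s $web_ip -m conntrack --ctstate NEW -j LOG --log-prefix "web-egress-drop: "
COMMIT
EOF
}

# Print the ruleset for the assumed layout; nothing is loaded into the kernel.
firewall_rules eth0 eth1 192.0.2.10 80
```

To load the rules, pipe the output to `iptables-restore` as root; `iptables-restore --test` parses the ruleset without committing it.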
ipfilter.conf
NETSCRIPT-2.2.conf(5) File Formats Manual NETSCRIPT-2.2.conf(5)
NAME
/etc/netscript/network.conf - interface, firewalling, and QoS configuration file.
/etc/netscript/if.conf - interface setup shell script file
/etc/netscript/qos.conf - QoS setup shell script file
/etc/netscript/ipfilter.conf - IP chains filtering shell script file
/etc/netscript/srvfilter.conf - server IP filter shell script file
DESCRIPTION
This manpage is a place holder until something better is written when the netscript itself has stopped changing rapidly.
Please see the README file in the /etc/netscript directory, and READ the configuration files if you need to change them. Apart from
network.conf, all of them contain sh (1) shell script functions which are there so that various things can be altered or hooked in at the
right place. Network.conf contains the full network setup details, including special interface setup for the likes of ciped/pppd/wanconfig,
and is fully commented with examples given.
UPGRADE PATH FROM KERNEL 2.2.X
The firewall/IP filtering code in ipfilter.conf is the part that changed radically with the move to iptables, which is a far better way of
setting up the IP filtering rules. The QoS and interface startup/shutdown in if.conf have also changed, but they are backwards compatible with
the old 2.2.x ipchains version of netscript for the interface address configuration settings. You will have to set up the filtering again
to use iptables by directly using the iptables commands.
Also, the kernel 2.2.x version scripts are set up so that iptables is only run on a 2.4.x kernel, otherwise IP forwarding is disabled if
beforehand you set IPFWDING_KERNEL to FILTER_ON in network.conf.
This means that when you upgrade a box to a 2.4.x router kernel, you should then be able to reboot it, log into it remotely and upgrade
netscript to the version that will support 2.4.x. In this situation, if you have set the old IPFWDING_KERNEL setting to FILTER_ON beforehand
in network.conf, all IP forwarding through the box will also be disabled. This means that you can safely remotely upgrade a firewall.
SEE ALSO
netscript(8), ipchains(8), iproute(8), brcfg(8).
AUTHOR
This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).
BUGS
The author is lazy. He needs to write better man pages...
November 23, 2000 NETSCRIPT-2.2.conf(5)